Merge pull request #52 from Sxderp/pr-add-priority
add priority to rich rules
commit
71e8d373d7
@ -4,12 +4,8 @@
|
|||||||
Do not edit this file manually, it will be overwritten!
|
Do not edit this file manually, it will be overwritten!
|
||||||
Modify the salt pillar for firewalld instead
|
Modify the salt pillar for firewalld instead
|
||||||
-->
|
-->
|
||||||
{%- macro rich_rule(rule) -%}
|
{%- macro rich_rule(rule) %}
|
||||||
{%- if 'family' in rule %}
|
<rule{% if 'family' in rule %} family="{{ rule.family }}"{% endif %}{% if 'priority' in rule %} priority="{{ rule.priority }}"{% endif %}>
|
||||||
<rule family="{{ rule.family }}">
|
|
||||||
{%- else %}
|
|
||||||
<rule>
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'ipset' in rule %}
|
{%- if 'ipset' in rule %}
|
||||||
<source ipset="{{ rule.ipset.name }}" />
|
<source ipset="{{ rule.ipset.name }}" />
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
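Review bot: `priority="{{ rule.priority }}"` on the new `<rule …>` line writes the pillar value into the zone XML unchecked, so a typo, a string containing a quote or an out-of-range number lands verbatim in the attribute. firewalld documents rich-rule priority as an integer from -32768 to 32767, and a value outside that presumably makes the zone file fail to load rather than being corrected. Coercing at render time, `priority="{{ rule.priority | int }}"`, keeps the attribute well-formed, but Jinja's `int` turns non-numeric input into 0, so failing the render on bad input may be the safer choice for a firewall rule. The same unescaped interpolation applies to `family` on that line. The macro body continues past the end of this hunk.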
@ -167,6 +167,13 @@ firewalld:
|
|||||||
# can be used. Special keys "ipsets" and "services", if defined, take precedence.
|
# can be used. Special keys "ipsets" and "services", if defined, take precedence.
|
||||||
# They will be auto-expanded into separate rich rules per value in the list.
|
# They will be auto-expanded into separate rich rules per value in the list.
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
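Review bot: The new `http-priority` example sets `priority: 15` without saying what the number means, yet ordering is what decides which rich rule wins when an accept and a reject overlap. A comment above the key would help, for example `# priority: integer -32768..32767; lower values are evaluated first, 0 keeps firewalld's default ordering`. The surrounding `rich_rules` map starts and ends outside this hunk.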
@ -63,6 +63,11 @@ control 'zones/rich_public.xml configuration' do
|
|||||||
<zone>
|
<zone>
|
||||||
<short>rich_public</short>
|
<short>rich_public</short>
|
||||||
<description>Example</description>
|
<description>Example</description>
|
||||||
|
<rule priority="15">
|
||||||
|
<source ipset="other-ipset" />
|
||||||
|
<service name="http" />
|
||||||
|
<accept></accept>
|
||||||
|
</rule>
|
||||||
<rule>
|
<rule>
|
||||||
<source ipset="fail2ban-ssh" />
|
<source ipset="fail2ban-ssh" />
|
||||||
<service name="ssh" />
|
<service name="ssh" />
|
||||||
|
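Review bot: The added expectation `<rule priority="15">` covers only a positive priority on a rule without `family`, so the combined attribute path that the template now renders on a single line is not exercised. A second fixture rule with both keys and a negative value would pin the spacing and the sign handling, with an expected line such as `<rule family="ipv4" priority="-10">` (constructed sample values). The control block starts and ends outside this hunk.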
@ -150,6 +150,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|
@ -157,6 +157,13 @@ values:
|
|||||||
rich_public:
|
rich_public:
|
||||||
description: Example
|
description: Example
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
http-priority:
|
||||||
|
accept: true
|
||||||
|
ipsets:
|
||||||
|
- other-ipset
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- http
|
||||||
ssh-csg:
|
ssh-csg:
|
||||||
accept: true
|
accept: true
|
||||||
ipsets:
|
ipsets:
|
||||||
|