Merge pull request #52 from Sxderp/pr-add-priority

add priority to rich rules
Imran Iqbal 2021-06-18 19:39:40 +01:00 committed by GitHub
commit 71e8d373d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 140 additions and 6 deletions


@ -4,12 +4,8 @@
Do not edit this file manually, it will be overwritten! Do not edit this file manually, it will be overwritten!
Modify the salt pillar for firewalld instead Modify the salt pillar for firewalld instead
--> -->
{%- macro rich_rule(rule) -%} {%- macro rich_rule(rule) %}
{%- if 'family' in rule %} <rule{% if 'family' in rule %} family="{{ rule.family }}"{% endif %}{% if 'priority' in rule %} priority="{{ rule.priority }}"{% endif %}>
<rule family="{{ rule.family }}">
{%- else %}
<rule>
{%- endif %}
{%- if 'ipset' in rule %} {%- if 'ipset' in rule %}
<source ipset="{{ rule.ipset.name }}" /> <source ipset="{{ rule.ipset.name }}" />
{%- endif %} {%- endif %}
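Review bot: `rule.priority` is written into the `priority="..."` attribute of the new `<rule ...>` line exactly as it appears in pillar, with no type or range check. firewalld documents rich-rule priorities as integers from -32768 to 32767, so a typo in pillar would only surface when firewalld parses the generated zone file. Consider coercing the value, e.g. `priority="{{ rule.priority | int }}"` (note that `int` maps non-numeric input to 0), or at least adding a template comment that states the accepted range. The same line also emits `rule.family` unescaped, which matters if pillar values ever come from a less trusted source. The macro body continues outside this hunk.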


@ -167,6 +167,13 @@ firewalld:
# can be used. Special keys "ipsets" and "services", if defined, take precedence. # can be used. Special keys "ipsets" and "services", if defined, take precedence.
# They will be auto-expanded into separate rich rules per value in the list. # They will be auto-expanded into separate rich rules per value in the list.
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:
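Review bot: The new `http-priority` example introduces the `priority` key without a comment on what the value means, and for a firewall rule the ordering is the security-relevant part. Per the firewalld rich-language documentation, lower values are evaluated first, negative values run before the zone's other primitives, positive values run after them, and 0 keeps the default action-based ordering. I would add above the entry something like `# priority: -32768..32767, lower runs first; <0 is evaluated before services/ports, >0 after`, so readers do not assume an accept rule with a negative priority still sits behind their deny rules.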


@ -63,6 +63,11 @@ control 'zones/rich_public.xml configuration' do
<zone> <zone>
<short>rich_public</short> <short>rich_public</short>
<description>Example</description> <description>Example</description>
<rule priority="15">
<source ipset="other-ipset" />
<service name="http" />
<accept></accept>
</rule>
<rule> <rule>
<source ipset="fail2ban-ssh" /> <source ipset="fail2ban-ssh" />
<service name="ssh" /> <service name="ssh" />


@ -150,6 +150,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets:


@ -157,6 +157,13 @@ values:
rich_public: rich_public:
description: Example description: Example
rich_rules: rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg: ssh-csg:
accept: true accept: true
ipsets: ipsets: