feat(zone.xml): allow more services definition inside zone
Now multiple sections ending with `services` can be defined for each in pillar and all of them will get merged into one service block in the zone. The goal is to keep backward compatibility while allowing different services to be defined in different pillars. So basically have various parts of the pillar affecting the firewall without the need to define everything centrally. Helpful for the exceptions to the rules.
parent
0b82e43a15
commit
8d0172f5c7
@ -33,11 +33,13 @@
|
|||||||
{%- endif %}
|
{%- endif %}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{%- if 'services' in zone %}
|
{%- for k,val in zone.items() %}
|
||||||
{%- for v in zone.services %}
|
{%- if k.endswith("services") %}
|
||||||
|
{%- for v in val %}
|
||||||
<service name="{{ v }}" />
|
<service name="{{ v }}" />
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- endfor %}
|
||||||
{%- if 'ports' in zone %}
|
{%- if 'ports' in zone %}
|
||||||
{%- for v in zone.ports %}
|
{%- for v in zone.ports %}
|
||||||
{%- if 'comment' in v %}
|
{%- if 'comment' in v %}
|
||||||
|
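Review bot: The new `{%- if k.endswith("services") %}` test treats every zone key whose name ends in "services" as a list of services to open, with no check on the value and no de-duplication across keys. A key that holds a single string instead of a list would be walked character by character by `{%- for v in val %}`, emitting one `<service name="..." />` element per character, and a service listed under both `services` and another matching key is emitted twice. The output order also now follows the order of `zone.items()` rather than a single list. Consider collecting the values of all matching keys into one list first, skipping values that are not lists, then applying a unique and sort step before the loop that writes `<service name="{{ v }}" />`. Because any pillar that can add a matching key to the zone now opens services in the firewall, a narrower match (for example an explicit prefix or a documented set of key names) would make the rendered zone easier to audit.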
@ -107,10 +107,12 @@ firewalld:
|
|||||||
are accepted.
|
are accepted.
|
||||||
services:
|
services:
|
||||||
- http
|
- http
|
||||||
- zabbixcustom
|
|
||||||
- https
|
- https
|
||||||
- ssh
|
- ssh
|
||||||
- salt-minion
|
- salt-minion
|
||||||
|
# Anything in zone definition ending with services will get merged into services
|
||||||
|
other_services:
|
||||||
|
- zabbixcustom
|
||||||
protocols:
|
protocols:
|
||||||
- igmp
|
- igmp
|
||||||
rich_rules:
|
rich_rules:
|
||||||
|
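Review bot: The comment above `other_services:` is the only documentation of the new behaviour and it leaves out what a pillar author needs to know to use it safely. It should say that the match is on the key-name suffix (so `services` itself is one of the matching keys and `other_services` is an arbitrary name), that each matching key must hold a list of service names, and what happens when the same service appears under more than one key. Moving `zabbixcustom` out of `services` in the example can also be read as a requirement that custom services live in a separate key; a short note that both placements render the same `<service>` entry would avoid that.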