add updated firewalld.conf from 0.7.1

2019-09-15 22:01:15 +02:00 · 2019-09-15 22:01:15 +02:00 · ae1f2453d3
commit ae1f2453d3
parent 4937787038
2 changed files with 25 additions and 0 deletions
--- a/firewalld/files/firewalld.conf
+++ b/firewalld/files/firewalld.conf
@ -76,3 +76,22 @@ AutomaticHelpers={{ firewalld.AutomaticHelpers|default('sytem') }}
 #	- iptables (iptables, ip6tables, ebtables and ipset)
 FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }}
 {%- endif %}
+{%- if firewalld.get('FlushAllOnReload', False) %}
+
+# FlushAllOnReload
+# Flush all runtime rules on a reload. In previous releases some runtime
+# configuration was retained during a reload, namely; interface to zone
+# assignment, and direct rules. This was confusing to users. To get the old
+# behavior set this to "no".
+# Default: yes
+FlushAllOnReload={{ firewalld.FlushAllOnReload|default('yes') }}
+{%- endif %}
+{%- if firewalld.get('RFC3964_IPv4', False) %}
+
+# RFC3964_IPv4
+# As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that
+# correspond to IPv4 addresses that should not be routed over the public
+# internet.
+# Defaults to "yes".
+RFC3964_IPv4={{ firewalld.RFC3964_IPv4|default('yes') }}
+{%- endif %}
--- a/pillar.example
+++ b/pillar.example
@ -1,6 +1,12 @@
 # FirewallD pillar examples:
 firewalld:
  enabled: True
+  IndividualCalls: 'no'
+  LogDenied: 'off'
+  AutomaticHelpers: 'system'
+  FirewallBackend: 'nftables'
+  FlushAllOnReload: 'yes'
+  RFC3964_IPv4: 'yes'

  ipset:
    manage: True