add updated firewalld.conf from 0.7.1
This commit is contained in:
Niels Abspoel
Imran Iqbal
parent
4937787038
commit
ae1f2453d3
@ -76,3 +76,22 @@ AutomaticHelpers={{ firewalld.AutomaticHelpers|default('sytem') }}
|
|||||||
# - iptables (iptables, ip6tables, ebtables and ipset)
|
# - iptables (iptables, ip6tables, ebtables and ipset)
|
||||||
FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }}
|
FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if firewalld.get('FlushAllOnReload', False) %}
|
||||||
|
|
||||||
|
# FlushAllOnReload
|
||||||
|
# Flush all runtime rules on a reload. In previous releases some runtime
|
||||||
|
# configuration was retained during a reload, namely; interface to zone
|
||||||
|
# assignment, and direct rules. This was confusing to users. To get the old
|
||||||
|
# behavior set this to "no".
|
||||||
|
# Default: yes
|
||||||
|
FlushAllOnReload={{ firewalld.FlushAllOnReload|default('yes') }}
|
||||||
|
{%- endif %}
|
||||||
|
{%- if firewalld.get('RFC3964_IPv4', False) %}
|
||||||
|
|
||||||
|
# RFC3964_IPv4
|
||||||
|
# As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that
|
||||||
|
# correspond to IPv4 addresses that should not be routed over the public
|
||||||
|
# internet.
|
||||||
|
# Defaults to "yes".
|
||||||
|
RFC3964_IPv4={{ firewalld.RFC3964_IPv4|default('yes') }}
|
||||||
|
{%- endif %}
|
||||||
|
|||||||
@ -1,6 +1,12 @@
|
|||||||
# FirewallD pillar examples:
|
# FirewallD pillar examples:
|
||||||
firewalld:
|
firewalld:
|
||||||
enabled: True
|
enabled: True
|
||||||
|
IndividualCalls: 'no'
|
||||||
|
LogDenied: 'off'
|
||||||
|
AutomaticHelpers: 'system'
|
||||||
|
FirewallBackend: 'nftables'
|
||||||
|
FlushAllOnReload: 'yes'
|
||||||
|
RFC3964_IPv4: 'yes'
|
||||||
|
|
||||||
ipset:
|
ipset:
|
||||||
manage: True
|
manage: True
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user