add updated firewalld.conf from 0.7.1

Niels Abspoel 2019-09-15 22:01:15 +02:00 committed by Imran Iqbal
parent 4937787038
commit ae1f2453d3
2 changed files with 25 additions and 0 deletions


@ -76,3 +76,22 @@ AutomaticHelpers={{ firewalld.AutomaticHelpers|default('sytem') }}
# - iptables (iptables, ip6tables, ebtables and ipset) # - iptables (iptables, ip6tables, ebtables and ipset)
FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }} FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }}
{%- endif %} {%- endif %}
{%- if firewalld.get('FlushAllOnReload', False) %}
# FlushAllOnReload
# Flush all runtime rules on a reload. In previous releases some runtime
# configuration was retained during a reload, namely; interface to zone
# assignment, and direct rules. This was confusing to users. To get the old
# behavior set this to "no".
# Default: yes
FlushAllOnReload={{ firewalld.FlushAllOnReload|default('yes') }}
{%- endif %}
{%- if firewalld.get('RFC3964_IPv4', False) %}
# RFC3964_IPv4
# As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that
# correspond to IPv4 addresses that should not be routed over the public
# internet.
# Defaults to "yes".
RFC3964_IPv4={{ firewalld.RFC3964_IPv4|default('yes') }}
{%- endif %}
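Review bot: The new guards `{%- if firewalld.get('FlushAllOnReload', False) %}` and `{%- if firewalld.get('RFC3964_IPv4', False) %}` test truthiness, so a pillar value that YAML parses as boolean false (an unquoted `no`, `off` or `False`) is treated as unset and the line is omitted, leaving firewalld on the default of yes stated in the comments rather than the value the operator asked for. For RFC3964_IPv4 that silent fallback happens to keep the filter on, but for FlushAllOnReload it keeps the flush behaviour the operator tried to turn off, and inside a truthy guard the `|default('yes')` can never take effect. Testing presence instead, `{%- if 'FlushAllOnReload' in firewalld %}` (and the same for RFC3964_IPv4), keeps an explicit setting from being dropped. A YAML boolean would then presumably render as `True`/`False`, so a comment in the pillar example saying these values must be quoted strings (`'yes'`/`'no'`), as the example already writes them, would help.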


@ -1,6 +1,12 @@
# FirewallD pillar examples: # FirewallD pillar examples:
firewalld: firewalld:
enabled: True enabled: True
IndividualCalls: 'no'
LogDenied: 'off'
AutomaticHelpers: 'system'
FirewallBackend: 'nftables'
FlushAllOnReload: 'yes'
RFC3964_IPv4: 'yes'
ipset: ipset:
manage: True manage: True