saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for inet6 ipsets.

Browse Source
This commit is contained in:
Valentin Bud 2018-12-10 13:44:53 +02:00
parent a2d99c5957
commit d1d7a9186c
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
firewalld/files/ipset.xml
View File

@ -27,6 +27,11 @@
<option name="hashsize" value="{{ v }}"/>
{%- endfor %}
{%- endif %}
{%- if 'family' in ipset.options %}
{%- for v in ipset.options.family %}
<option name="family" value="{{ v }}"/>
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'entries' in ipset %}
{%- for v in ipset.entries %}

16
pillar.example
View File

@ -63,6 +63,21 @@ firewalld:
- 1024
entries:
- 10.0.0.1
fail2ban-ssh-ipv6:
short: fail2ban-ssh-ipv6
description: fail2ban-ssh-ipv6 ipset
type: 'hash:ip'
options:
family:
- inet6
maxelem:
- 65536
timeout:
- 300
hashsize:
- 1024
entries:
- 2a01::1
zones:
public:
@ -119,4 +134,3 @@ firewalld:
MYPASSTHROUGH:
ipv: ipv4
args: "-t raw -A MYCHAIN -j DROP"