[remove] clean-up some code, mostly code commented out

This commit is contained in:
David Bezuidenhout 2016-01-19 17:31:29 +02:00
parent d78e3510d6
commit d55b767b91
3 changed files with 2 additions and 126 deletions

1
.gitignore vendored
View File

@ -3,3 +3,4 @@ metadata.json
*.idea *.idea
*.swp *.swp
*.tmp *.tmp
/.project

View File

@ -38,103 +38,3 @@
zone: {{ v }} zone: {{ v }}
{% endfor %} {% endfor %}
# === Parameters
#
# [*target*] can be one of {'ACCEPT', '%%REJECT%%', 'DROP'}.
# Used to accept, reject or drop every packet that
# doesn't match any rule (port, service, etc.).
# Default (when target is not specified) is reject.
# [*short*] short readable name
# [*description*] long description of zone
# [*interfaces*] list of interfaces to bind to a zone
# [*sources*] list of source addresses or source address
# ranges ("address/mask") to bind to a zone
# [*ports*]
# list of ports to open
# ports => [{
# comment => optional, string
# port => mandatory, string, e.g. '1234'
# protocol => mandatory, string, e.g. 'tcp' },...]
# [*services*] list of predefined firewalld services
# [*icmp_blocks*] list of predefined icmp-types to block
# [*masquerade*] enable masquerading ?
# [*forward_ports*]
# list of ports to forward to other port and/or machine
# forward_ports => [{
# comment => optional, string
# portid => mandatory, string, e.g. '123'
# protocol => mandatory, string, e.g. 'tcp'
# to_port => mandatory to specify either to_port or/and to_addr
# to_addr => mandatory to specify either to_port or/and to_addr },...]
# [*rich_rules*]
# list of rich language rules (firewalld.richlanguage(5))
# You have to specify one (and only one)
# of {service, port, protocol, icmp_block, masquerade, forward_port}
# and one (and only one) of {accept, reject, drop}
# family - 'ipv4' or 'ipv6', optional, see Rule in firewalld.richlanguage(5)
# source => { optional, see Source in firewalld.richlanguage(5)
# address => mandatory, string, e.g. '192.168.1.0/24'
# invert => optional, bool, e.g. true }
# destination => { optional, see Destination in firewalld.richlanguage(5)
# address => mandatory, string
# invert => optional, bool, e.g. true }
# service - string, see Service in firewalld.richlanguage(5)
# port => { see Port in firewalld.richlanguage(5)
# portid => mandatory
# protocol => mandatory }
# protocol - string, see Protocol in firewalld.richlanguage(5)
# icmp_block - string, see ICMP-Block in firewalld.richlanguage(5)
# masquerade - bool, see Masquerade in firewalld.richlanguage(5)
# forward_port => { see Forward-Port in firewalld.richlanguage(5)
# portid => mandatory
# protocol => mandatory
# to_port => mandatory to specify either to_port or/and to_addr
# to_addr => mandatory to specify either to_port or/and to_addr }
# log => { see Log in firewalld.richlanguage(5)
# prefix => string, optional
# level => string, optional
# limit => string, optional }
# audit => { see Audit in firewalld.richlanguage(5)
# limit => string, optional }
# accept - any value, e.g. true, see Action in firewalld.richlanguage(5)
# reject => { see Action in firewalld.richlanguage(5)
# type => string, optional }
# drop - any value, e.g. true, see Action in firewalld.richlanguage(5)
#
# === Examples
#
# firewalld::zone { "custom":
# description => "This is an example zone",
# services => ["ssh", "dhcpv6-client"],
# ports => [{
# comment => "for our dummy service",
# port => "1234",
# protocol => "tcp",},],
# masquerade => true,
# forward_ports => [{
# comment => 'forward 123 to other machine',
# portid => '123',
# protocol => 'tcp',
# to_port => '321',
# to_addr => '1.2.3.4',},],
# rich_rules => [{
# family => 'ipv4',
# source => {
# address => '192.168.1.0/24',
# invert => true,},
# port => {
# portid => '123-321',
# protocol => 'udp',},
# log => {
# prefix => 'local',
# level => 'notice',
# limit => '3/s',},
# audit => {
# limit => '2/h',},
# reject => {
# type => 'icmp-host-prohibited',},
# },],}
#

View File

@ -28,29 +28,4 @@ firewalld:
- https - https
- ssh - ssh
- dhcpv6-client - dhcpv6-client
# ports:
# - comment: For our dummy service
# port: 1234
# protocol: tcp
# forward_ports:
# - comment: forward 123 to other machine
# portid: 123
# protocol: tcp
# to_port: 321
# to_addr: 1.2.3.4
# rich_rules:
# - family: ipv4
# source:
# address: 192.168.1.0/24
# invert: true
# port:
# portid: 123-321
# protocol: udp
# log:
# prefix: local
# level: notice
# limit: 3/s
# audit:
# limit: 2/h
# reject:
# type: icmp-host-prohibited