[remove] clean-up some code, mostly code commented out
parent
d78e3510d6
commit
d55b767b91
1
.gitignore
vendored
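--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ metadata.json
 *.idea
 *.swp
 *.tmp
+/.project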
@ -38,103 +38,3 @@
|
|||||||
zone: {{ v }}
|
zone: {{ v }}
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*target*] can be one of {'ACCEPT', '%%REJECT%%', 'DROP'}.
|
|
||||||
# Used to accept, reject or drop every packet that
|
|
||||||
# doesn't match any rule (port, service, etc.).
|
|
||||||
# Default (when target is not specified) is reject.
|
|
||||||
# [*short*] short readable name
|
|
||||||
# [*description*] long description of zone
|
|
||||||
# [*interfaces*] list of interfaces to bind to a zone
|
|
||||||
# [*sources*] list of source addresses or source address
|
|
||||||
# ranges ("address/mask") to bind to a zone
|
|
||||||
# [*ports*]
|
|
||||||
# list of ports to open
|
|
||||||
# ports => [{
|
|
||||||
# comment => optional, string
|
|
||||||
# port => mandatory, string, e.g. '1234'
|
|
||||||
# protocol => mandatory, string, e.g. 'tcp' },...]
|
|
||||||
# [*services*] list of predefined firewalld services
|
|
||||||
# [*icmp_blocks*] list of predefined icmp-types to block
|
|
||||||
# [*masquerade*] enable masquerading ?
|
|
||||||
# [*forward_ports*]
|
|
||||||
# list of ports to forward to other port and/or machine
|
|
||||||
# forward_ports => [{
|
|
||||||
# comment => optional, string
|
|
||||||
# portid => mandatory, string, e.g. '123'
|
|
||||||
# protocol => mandatory, string, e.g. 'tcp'
|
|
||||||
# to_port => mandatory to specify either to_port or/and to_addr
|
|
||||||
# to_addr => mandatory to specify either to_port or/and to_addr },...]
|
|
||||||
# [*rich_rules*]
|
|
||||||
# list of rich language rules (firewalld.richlanguage(5))
|
|
||||||
# You have to specify one (and only one)
|
|
||||||
# of {service, port, protocol, icmp_block, masquerade, forward_port}
|
|
||||||
# and one (and only one) of {accept, reject, drop}
|
|
||||||
# family - 'ipv4' or 'ipv6', optional, see Rule in firewalld.richlanguage(5)
|
|
||||||
# source => { optional, see Source in firewalld.richlanguage(5)
|
|
||||||
# address => mandatory, string, e.g. '192.168.1.0/24'
|
|
||||||
# invert => optional, bool, e.g. true }
|
|
||||||
# destination => { optional, see Destination in firewalld.richlanguage(5)
|
|
||||||
# address => mandatory, string
|
|
||||||
# invert => optional, bool, e.g. true }
|
|
||||||
# service - string, see Service in firewalld.richlanguage(5)
|
|
||||||
# port => { see Port in firewalld.richlanguage(5)
|
|
||||||
# portid => mandatory
|
|
||||||
# protocol => mandatory }
|
|
||||||
# protocol - string, see Protocol in firewalld.richlanguage(5)
|
|
||||||
# icmp_block - string, see ICMP-Block in firewalld.richlanguage(5)
|
|
||||||
# masquerade - bool, see Masquerade in firewalld.richlanguage(5)
|
|
||||||
# forward_port => { see Forward-Port in firewalld.richlanguage(5)
|
|
||||||
# portid => mandatory
|
|
||||||
# protocol => mandatory
|
|
||||||
# to_port => mandatory to specify either to_port or/and to_addr
|
|
||||||
# to_addr => mandatory to specify either to_port or/and to_addr }
|
|
||||||
# log => { see Log in firewalld.richlanguage(5)
|
|
||||||
# prefix => string, optional
|
|
||||||
# level => string, optional
|
|
||||||
# limit => string, optional }
|
|
||||||
# audit => { see Audit in firewalld.richlanguage(5)
|
|
||||||
# limit => string, optional }
|
|
||||||
# accept - any value, e.g. true, see Action in firewalld.richlanguage(5)
|
|
||||||
# reject => { see Action in firewalld.richlanguage(5)
|
|
||||||
# type => string, optional }
|
|
||||||
# drop - any value, e.g. true, see Action in firewalld.richlanguage(5)
|
|
||||||
#
|
|
||||||
# === Examples
|
|
||||||
#
|
|
||||||
# firewalld::zone { "custom":
|
|
||||||
# description => "This is an example zone",
|
|
||||||
# services => ["ssh", "dhcpv6-client"],
|
|
||||||
# ports => [{
|
|
||||||
# comment => "for our dummy service",
|
|
||||||
# port => "1234",
|
|
||||||
# protocol => "tcp",},],
|
|
||||||
# masquerade => true,
|
|
||||||
# forward_ports => [{
|
|
||||||
# comment => 'forward 123 to other machine',
|
|
||||||
# portid => '123',
|
|
||||||
# protocol => 'tcp',
|
|
||||||
# to_port => '321',
|
|
||||||
# to_addr => '1.2.3.4',},],
|
|
||||||
# rich_rules => [{
|
|
||||||
# family => 'ipv4',
|
|
||||||
# source => {
|
|
||||||
# address => '192.168.1.0/24',
|
|
||||||
# invert => true,},
|
|
||||||
# port => {
|
|
||||||
# portid => '123-321',
|
|
||||||
# protocol => 'udp',},
|
|
||||||
# log => {
|
|
||||||
# prefix => 'local',
|
|
||||||
# level => 'notice',
|
|
||||||
# limit => '3/s',},
|
|
||||||
# audit => {
|
|
||||||
# limit => '2/h',},
|
|
||||||
# reject => {
|
|
||||||
# type => 'icmp-host-prohibited',},
|
|
||||||
# },],}
|
|
||||||
#
|
|
||||||
|
@ -28,29 +28,4 @@ firewalld:
|
|||||||
- https
|
- https
|
||||||
- ssh
|
- ssh
|
||||||
- dhcpv6-client
|
- dhcpv6-client
|
||||||
# ports:
|
|
||||||
# - comment: For our dummy service
|
|
||||||
# port: 1234
|
|
||||||
# protocol: tcp
|
|
||||||
# forward_ports:
|
|
||||||
# - comment: forward 123 to other machine
|
|
||||||
# portid: 123
|
|
||||||
# protocol: tcp
|
|
||||||
# to_port: 321
|
|
||||||
# to_addr: 1.2.3.4
|
|
||||||
# rich_rules:
|
|
||||||
# - family: ipv4
|
|
||||||
# source:
|
|
||||||
# address: 192.168.1.0/24
|
|
||||||
# invert: true
|
|
||||||
# port:
|
|
||||||
# portid: 123-321
|
|
||||||
# protocol: udp
|
|
||||||
# log:
|
|
||||||
# prefix: local
|
|
||||||
# level: notice
|
|
||||||
# limit: 3/s
|
|
||||||
# audit:
|
|
||||||
# limit: 2/h
|
|
||||||
# reject:
|
|
||||||
# type: icmp-host-prohibited
|
|
||||||
|