12b696a8fe
Firewalld does not parse the name attribute. Log message: firewalld[1999]: ERROR: Failed to load zone file 'public.xml': PARSE_ERROR: icmp-block-inversion: Unexpected attribute name
153 lines
5.3 KiB
XML
153 lines
5.3 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!--
|
|
This file is managed/generated by salt.
|
|
Do not edit this file manually, it will be overwritten!
|
|
Modify the salt pillar for firewalld instead
|
|
-->
|
|
<zone{%- if 'target' in zone %} target="{{ zone.target }}"{%- endif %}>
|
|
{% if 'short' in zone %}<short>{{ zone.short }}</short>{% else %}<short>{{ name }}</short>{% endif %}
|
|
{% if 'description' in zone %}<description>{{ zone.description }}</description>{% endif %}
|
|
|
|
{%- if 'interfaces' in zone %}
|
|
{%- for v in zone.interfaces %}
|
|
<interface name="{{ v }}" />
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
{%- if 'sources' in zone %}
|
|
{%- for v in zone.sources %}
|
|
{%- if 'comment' in v %}
|
|
<!-- {{ v.comment }} -->
|
|
<source address="{{ v.source }}" />
|
|
{%- else %}
|
|
<source address="{{ v }}" />
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
{%- if 'ipsets' in zone %}
|
|
{%- for v in zone.ipsets %}
|
|
{%- if 'comment' in v %}
|
|
<!-- {{ v.comment }} -->
|
|
<source ipset="{{ v.ipset }}" />
|
|
{%- else %}
|
|
<source ipset="{{ v }}" />
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
{%- if 'services' in zone %}
|
|
{%- for v in zone.services %}
|
|
<service name="{{ v }}" />
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
{%- if 'ports' in zone %}
|
|
{%- for v in zone.ports %}
|
|
{%- if 'comment' in v %}
|
|
<!-- {{ v.comment }} -->
|
|
{%- endif %}
|
|
<port port="{{ v.port }}" protocol="{{ v.protocol }}" />
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
{%- if 'protocols' in zone %}
|
|
{%- for v in zone.protocols %}
|
|
<protocol value="{{ v }}" />
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
{%- if 'icmp_blocks' in zone %}
|
|
{%- for v in zone.icmp_blocks %}
|
|
<icmp-block name="{{ v }}" />
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
{%- if 'icmp_block_inversion' in zone and zone.icmp_block_inversion %}
|
|
<icmp-block-inversion />
|
|
{%- endif %}
|
|
{%- if 'masquerade' in zone %}
|
|
{%- if zone.masquerade %}
|
|
<masquerade/>
|
|
{%- endif %}
|
|
{%- endif %}
|
|
{%- if 'forward_ports' in zone %}
|
|
{%- for v in zone.forward_ports %}
|
|
{%- if 'comment' in v %}
|
|
<!-- {{ v.comment }} -->
|
|
{%- endif %}
|
|
<forward-port port="{{ v.portid }}" protocol="{{ v.protocol }}"{%- if 'to_port' in v %} to-port="{{ v.to_port }}"{%- endif %}{%- if 'to_addr' in v %} to-addr="{{ v.to_addr }}"{%- endif %} />
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
{%- if 'source_ports' in zone %}
|
|
{%- for v in zone.source_ports %}
|
|
{%- if 'comment' in v %}
|
|
<!-- {{ v.comment }} -->
|
|
{%- endif %}
|
|
<source-port port="{{ v.port }}" protocol="{{ v.protocol }}" />
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
|
|
{%- if 'rich_rules' in zone %}
|
|
{%- for rule in zone.rich_rules %}
|
|
{%- if 'family' in rule %}
|
|
<rule family="{{ rule.family }}">
|
|
{%- else %}
|
|
<rule>
|
|
{%- endif %}
|
|
{%- if 'ipset' in rule %}
|
|
<source ipset="{{ rule.ipset.name }}" />
|
|
{%- endif %}
|
|
{%- if 'source' in rule %}
|
|
<source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %}invert="{{ rule.source.invert }}"{%- endif %} />
|
|
{%- endif %}
|
|
{%- if 'destination' in rule %}
|
|
<destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %}invert="{{ rule.destination.invert }}"{%- endif %} />
|
|
{%- endif %}
|
|
{%- if 'service' in rule %}
|
|
<service name="{{ rule.service }}" />
|
|
{%- endif %}
|
|
{%- if 'port' in rule %}
|
|
<port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}" />
|
|
{%- endif %}
|
|
{%- if 'protocol' in rule %}
|
|
<protocol value="{{ rule.protocol }}" />
|
|
{%- endif %}
|
|
{%- if 'icmp_block' in rule %}
|
|
<icmp-block name="{{ rule.icmp_block }}" />
|
|
{%- endif %}
|
|
{%- if 'icmp_type' in rule %}
|
|
<icmp-type name="{{ rule.icmp_type }}" />
|
|
{%- endif %}
|
|
{%- if 'masquerade' in rule %}
|
|
{%- if rule.masquerade %}<masquerade/>{%- endif %}
|
|
{%- endif %}
|
|
{%- if 'forward_port' in rule %}
|
|
{%- if 'comment' in rule.forward_port %}
|
|
<!-- {{ rule.forward_port.comment }} -->
|
|
{%- endif %}
|
|
<forward-port port="{{ rule.forward_port.portid }}" protocol="{{ rule.forward_port.protocol }}"{%- if 'to_port' in rule.forward_port %} to-port="{{ rule.forward_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.forward_port %} to-addr="{{ rule.forward_port.to_addr }}"{%- endif %} />
|
|
{%- endif %}
|
|
{%- if 'source_port' in rule %}
|
|
{%- if 'comment' in rule.source_port %}
|
|
<!-- {{ rule.source_port.comment }} -->
|
|
{%- endif %}
|
|
<source-port port="{{ rule.source_port.portid }}" protocol="{{ rule.source_port.protocol }}"{%- if 'to_port' in rule.source_port %} to-port="{{ rule.source_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.source_port %} to-addr="{{ rule.source_port.to_addr }}"{%- endif %} />
|
|
{%- endif %}
|
|
{%- if 'log' in rule %}
|
|
<log{%- if 'prefix' in rule.log %} prefix="{{ rule.log.prefix }}"{%- endif %}{%- if 'level' in rule.log %} level="{{ rule.log.level }}"{%- endif %}>
|
|
{%- if 'limit' in rule.log %}
|
|
<limit value="{{ rule.log.limit }}"/>
|
|
{%- endif %}
|
|
</log>
|
|
{%- endif %}
|
|
{%- if 'audit' in rule %}
|
|
<audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit>
|
|
{%- endif %}
|
|
{%- if 'accept' in rule %}
|
|
<accept/>
|
|
{%- endif %}
|
|
{%- if 'reject' in rule %}
|
|
<reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %} />
|
|
{%- endif %}
|
|
{%- if 'drop' in rule %}
|
|
<drop/>
|
|
{%- endif %}
|
|
</rule>
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
</zone>
|