saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
dc8a9df3b8
firewalld-formula/pillar.example
Imran Iqbal 0f808d6afb
fix(yamllint): fix all errors 
```bash
firewalld-formula$ yamllint -s .
./pillar.example
  2:1       warning  missing document start "---"  (document-start)
  3:12      warning  truthy value should be one of [false, true]  (truthy)
  12:13     warning  truthy value should be one of [false, true]  (truthy)
  15:89     error    line too long (108 > 88 characters)  (line-length)
  19:13     warning  truthy value should be one of [false, true]  (truthy)
  30:89     error    line too long (363 > 88 characters)  (line-length)
  96:89     error    line too long (170 > 88 characters)  (line-length)
  108:15    error    wrong indentation: expected 12 but found 14  (indentation)
  115:13    error    empty value in block mapping  (empty-values)
  116:2     error    syntax error: found character '%' that cannot start any token
  152:89    error    line too long (112 > 88 characters)  (line-length)

./firewalld/defaults.yaml
  3:1       warning  missing document start "---"  (document-start)
```
2019-11-09 08:24:55 +00:00

177 lines
3.9 KiB
YAML
Raw Blame History

# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# FirewallD pillar examples:
firewalld:
enabled: true
IndividualCalls: 'no'
LogDenied: 'off'
AutomaticHelpers: 'system'
FirewallBackend: 'nftables'
FlushAllOnReload: 'yes'
RFC3964_IPv4: 'yes'
ipset:
manage: true
pkg: ipset
# ipset: # Deprecated. Will be removed in future releases
# ipsetpackag: ipset # Deprecated. Will be removed in future releases
backend:
manage: true
pkg: nftables
# installbackend: true # Deprecated. Will be removed in future releases
# backendpackage: nftables # Deprecated. Will be removed in future releases
default_zone: public
services:
sshcustom:
short: sshcustom
description: >-
SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging
into and executing commands on remote machines. It provides secure
encrypted communications. If you plan on accessing your machine
remotely via SSH over a firewalled interface, enable this option. You
need the openssh-server package installed for this option to be useful.
ports:
tcp:
- 3232
- 5252
modules:
- some_module_to_load
protocols:
- igmp
source_ports:
tcp:
- 21
destinations:
ipv4:
- 224.0.0.251
- 224.0.0.252
ipv6:
- ff02::fb
- ff02::fc
zabbixcustom:
short: Zabbixcustom
description: "zabbix custom rule"
ports:
tcp:
- "10051"
salt-minion:
short: salt-minion
description: "salt-minion"
ports:
tcp:
- "8000"
ipsets:
fail2ban-ssh:
short: fail2ban-ssh
description: fail2ban-ssh ipset
type: 'hash:ip'
options:
maxelem:
- 65536
timeout:
- 300
hashsize:
- 1024
entries:
- 10.0.0.1
fail2ban-ssh-ipv6:
short: fail2ban-ssh-ipv6
description: fail2ban-ssh-ipv6 ipset
type: 'hash:ip'
options:
family:
- inet6
maxelem:
- 65536
timeout:
- 300
hashsize:
- 1024
entries:
- 2a01::1
zones:
public:
short: Public
description: >-
For use in public areas. You do not trust the other computers on
networks to not harm your computer. Only selected incoming connections
are accepted.
services:
- http
- zabbixcustom
- https
- ssh
- salt-minion
protocols:
- igmp
rich_rules:
- family: ipv4
source:
address: 8.8.8.8/24
accept: true
- family: ipv4
ipset:
name: fail2ban-ssh
reject:
type: icmp-port-unreachable
ports:
# {%- if grains['id'] == 'salt.example.com' %}
- comment: salt-master
port: 4505
protocol: tcp
- comment: salt-python
port: 4506
protocol: tcp
# {%- endif %}
- comment: zabbix-agent
port: 10050
protocol: tcp
- comment: bacula-client
port: 9102
protocol: tcp
- comment: vsftpd
port: 21
protocol: tcp
source_ports:
- comment: something
port: 2222
protocol: tcp
- comment: something_else
port: 4444
protocol: tcp
direct:
chain:
MYCHAIN:
ipv: ipv4
table: raw
rule:
INTERNETACCESS:
ipv: ipv4
table: filter
chain: FORWARD
priority: "0"
args: >-
-i iintern
-o iextern
-s 192.168.1.0/24
-m conntrack
--ctstate NEW,RELATED,ESTABLISHED
-j ACCEPT
passthrough:
MYPASSTHROUGH:
ipv: ipv4
args: >-
-t raw
-A MYCHAIN
-j DROP
Reference in New Issue View Git Blame Copy Permalink