|
4 | 4 | Do not edit this file manually, it will be overwritten! |
5 | 5 | Modify the salt pillar for firewalld instead |
6 | 6 | --> |
| 7 | +{%- macro rich_rule(rule) -%} |
| 8 | + {%- if 'family' in rule %} |
| 9 | + <rule family="{{ rule.family }}"> |
| 10 | + {%- else %} |
| 11 | + <rule> |
| 12 | + {%- endif %} |
| 13 | + {%- if 'ipset' in rule %} |
| 14 | + <source ipset="{{ rule.ipset.name }}" /> |
| 15 | + {%- endif %} |
| 16 | + {%- if 'source' in rule %} |
| 17 | + <source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %}invert="{{ rule.source.invert }}"{%- endif %} /> |
| 18 | + {%- endif %} |
| 19 | + {%- if 'destination' in rule %} |
| 20 | + <destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %}invert="{{ rule.destination.invert }}"{%- endif %} /> |
| 21 | + {%- endif %} |
| 22 | + {%- if 'service' in rule %} |
| 23 | + <service name="{{ rule.service }}" /> |
| 24 | + {%- endif %} |
| 25 | + {%- if 'port' in rule %} |
| 26 | + <port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}" /> |
| 27 | + {%- endif %} |
| 28 | + {%- if 'protocol' in rule %} |
| 29 | + <protocol value="{{ rule.protocol }}" /> |
| 30 | + {%- endif %} |
| 31 | + {%- if 'icmp_block' in rule %} |
| 32 | + <icmp-block name="{{ rule.icmp_block }}" /> |
| 33 | + {%- endif %} |
| 34 | + {%- if 'icmp_type' in rule %} |
| 35 | + <icmp-type name="{{ rule.icmp_type }}" /> |
| 36 | + {%- endif %} |
| 37 | + {%- if 'masquerade' in rule %} |
| 38 | + {%- if rule.masquerade %}<masquerade/>{%- endif %} |
| 39 | + {%- endif %} |
| 40 | + {%- if 'forward_port' in rule %} |
| 41 | + {%- if 'comment' in rule.forward_port %} |
| 42 | + <!-- {{ rule.forward_port.comment }} --> |
| 43 | + {%- endif %} |
| 44 | + <forward-port port="{{ rule.forward_port.portid }}" protocol="{{ rule.forward_port.protocol }}"{%- if 'to_port' in rule.forward_port %} to-port="{{ rule.forward_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.forward_port %} to-addr="{{ rule.forward_port.to_addr }}"{%- endif %} /> |
| 45 | + {%- endif %} |
| 46 | + {%- if 'source_port' in rule %} |
| 47 | + {%- if 'comment' in rule.source_port %} |
| 48 | + <!-- {{ rule.source_port.comment }} --> |
| 49 | + {%- endif %} |
| 50 | + <source-port port="{{ rule.source_port.portid }}" protocol="{{ rule.source_port.protocol }}"{%- if 'to_port' in rule.source_port %} to-port="{{ rule.source_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.source_port %} to-addr="{{ rule.source_port.to_addr }}"{%- endif %} /> |
| 51 | + {%- endif %} |
| 52 | + {%- if 'log' in rule %} |
| 53 | + <log{%- if 'prefix' in rule.log %} prefix="{{ rule.log.prefix }}"{%- endif %}{%- if 'level' in rule.log %} level="{{ rule.log.level }}"{%- endif %}> |
| 54 | + {%- if 'limit' in rule.log %} |
| 55 | + <limit value="{{ rule.log.limit }}"/> |
| 56 | + {%- endif %} |
| 57 | + </log> |
| 58 | + {%- endif %} |
| 59 | + {%- if 'audit' in rule %} |
| 60 | + <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit> |
| 61 | + {%- endif %} |
| 62 | + {%- if 'accept' in rule %} |
| 63 | + <accept/> |
| 64 | + {%- endif %} |
| 65 | + {%- if 'reject' in rule %} |
| 66 | + <reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %} /> |
| 67 | + {%- endif %} |
| 68 | + {%- if 'drop' in rule %} |
| 69 | + <drop/> |
| 70 | + {%- endif %} |
| 71 | + </rule> |
| 72 | +{%- endmacro %} |
7 | 73 | <zone{%- if 'target' in zone %} target="{{ zone.target }}"{%- endif %}> |
8 | 74 | {% if 'short' in zone %}<short>{{ zone.short }}</short>{% else %}<short>{{ name }}</short>{% endif %} |
9 | 75 | {% if 'description' in zone %}<description>{{ zone.description }}</description>{% endif %} |
|
82 | 148 | <source-port port="{{ v.port }}" protocol="{{ v.protocol }}" /> |
83 | 149 | {%- endfor %} |
84 | 150 | {%- endif %} |
85 | | - |
86 | | -{%- macro rich_rule(rule) -%} |
87 | | - {%- if 'family' in rule %} |
88 | | - <rule family="{{ rule.family }}"> |
89 | | - {%- else %} |
90 | | - <rule> |
91 | | - {%- endif %} |
92 | | - {%- if 'ipset' in rule %} |
93 | | - <source ipset="{{ rule.ipset.name }}" /> |
94 | | - {%- endif %} |
95 | | - {%- if 'source' in rule %} |
96 | | - <source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %}invert="{{ rule.source.invert }}"{%- endif %} /> |
97 | | - {%- endif %} |
98 | | - {%- if 'destination' in rule %} |
99 | | - <destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %}invert="{{ rule.destination.invert }}"{%- endif %} /> |
100 | | - {%- endif %} |
101 | | - {%- if 'service' in rule %} |
102 | | - <service name="{{ rule.service }}" /> |
103 | | - {%- endif %} |
104 | | - {%- if 'port' in rule %} |
105 | | - <port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}" /> |
106 | | - {%- endif %} |
107 | | - {%- if 'protocol' in rule %} |
108 | | - <protocol value="{{ rule.protocol }}" /> |
109 | | - {%- endif %} |
110 | | - {%- if 'icmp_block' in rule %} |
111 | | - <icmp-block name="{{ rule.icmp_block }}" /> |
112 | | - {%- endif %} |
113 | | - {%- if 'icmp_type' in rule %} |
114 | | - <icmp-type name="{{ rule.icmp_type }}" /> |
115 | | - {%- endif %} |
116 | | - {%- if 'masquerade' in rule %} |
117 | | - {%- if rule.masquerade %}<masquerade/>{%- endif %} |
118 | | - {%- endif %} |
119 | | - {%- if 'forward_port' in rule %} |
120 | | - {%- if 'comment' in rule.forward_port %} |
121 | | - <!-- {{ rule.forward_port.comment }} --> |
122 | | - {%- endif %} |
123 | | - <forward-port port="{{ rule.forward_port.portid }}" protocol="{{ rule.forward_port.protocol }}"{%- if 'to_port' in rule.forward_port %} to-port="{{ rule.forward_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.forward_port %} to-addr="{{ rule.forward_port.to_addr }}"{%- endif %} /> |
124 | | - {%- endif %} |
125 | | - {%- if 'source_port' in rule %} |
126 | | - {%- if 'comment' in rule.source_port %} |
127 | | - <!-- {{ rule.source_port.comment }} --> |
128 | | - {%- endif %} |
129 | | - <source-port port="{{ rule.source_port.portid }}" protocol="{{ rule.source_port.protocol }}"{%- if 'to_port' in rule.source_port %} to-port="{{ rule.source_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.source_port %} to-addr="{{ rule.source_port.to_addr }}"{%- endif %} /> |
130 | | - {%- endif %} |
131 | | - {%- if 'log' in rule %} |
132 | | - <log{%- if 'prefix' in rule.log %} prefix="{{ rule.log.prefix }}"{%- endif %}{%- if 'level' in rule.log %} level="{{ rule.log.level }}"{%- endif %}> |
133 | | - {%- if 'limit' in rule.log %} |
134 | | - <limit value="{{ rule.log.limit }}"/> |
135 | | - {%- endif %} |
136 | | - </log> |
137 | | - {%- endif %} |
138 | | - {%- if 'audit' in rule %} |
139 | | - <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit> |
140 | | - {%- endif %} |
141 | | - {%- if 'accept' in rule %} |
142 | | - <accept/> |
143 | | - {%- endif %} |
144 | | - {%- if 'reject' in rule %} |
145 | | - <reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %} /> |
146 | | - {%- endif %} |
147 | | - {%- if 'drop' in rule %} |
148 | | - <drop/> |
149 | | - {%- endif %} |
150 | | - </rule> |
151 | | -{%- endmacro %} |
152 | | - |
153 | 151 | {%- if 'rich_rules' in zone %} |
154 | 152 | {%- if zone.rich_rules is list %} |
155 | 153 | {%- set rich_rules = zone.rich_rules %} |
|
182 | 180 | {%- endfor %} |
183 | 181 | {%- endif %} |
184 | 182 | {%- for rule in rich_rules %} |
185 | | -{{ rich_rule(rule) }} |
| 183 | +{{- rich_rule(rule) }} |
186 | 184 | {%- endfor %} |
187 | 185 | {%- endif %} |
188 | | - |
189 | 186 | </zone> |
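Review bot: The relocated `<source>` and `<destination>` lines (new lines 17 and 20) render malformed XML whenever a rule sets `invert`, because the `{%-` directly after `address="…" ` strips the separating space and yields `address="1.2.3.4"invert="True" />`; firewalld will then refuse to load the zone file, so the whole zone silently falls back to having none of its rich rules. The `forward-port` and `source-port` lines already use the correct shape, so the fix is to move the space inside the block: `<source address="{{ rule.source.address }}"{%- if 'invert' in rule.source %} invert="{{ rule.source.invert }}"{%- endif %} />` and the same for `<destination … />`. Separately, every pillar value (addresses, ipset names, log prefixes, the forward-port/source-port comments) is interpolated into attribute or comment context without escaping, and Salt's Jinja does not autoescape, so a value containing `"`, `<` or `--` breaks the document in the same way; piping attribute values through `| e` would make the generated XML robust to such input. Defining the macro before `<zone>` is the correct ordering for Jinja, since a macro must be assigned before the call site is reached.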