{#- ensure that zone exists in firewalld pillar -#} {%- if pillar['firewalld'] is defined -%} {%- if pillar['firewalld'][zone] is defined %} {{ zone }} {#- check if there's a description of this zone and add it if applicable- #} {%- if pillar['firewalld'][zone]['description'] is defined %} {{ pillar['firewalld'][zone]['description'] }} {% endif %} {#- grab sources if applicable -#} {%- if pillar['firewalld'][zone]['source'] is defined %} {%- for source in pillar['firewalld'][zone]['source'] %} {%- endfor -%} {%- endif -%} {#- grab services for this zone of server -#} {%- if pillar['firewalld'][zone]['service'] is defined %} {%- for service in pillar['firewalld'][zone]['service'] %} {%- endfor -%} {%- endif -%} {#- grab ports for the this zone on server -#} {%- if pillar['firewalld'][zone]['port'] is defined %} {%- for port in pillar['firewalld'][zone]['port'] -%} {%- set lst=port.split('/') %} {%- endfor -%} {%- endif -%} {#- grab specific rules for the this zone on server -#} {%- if pillar['firewalld'][zone]['rule'] is defined %} {%- for rule in pillar['firewalld'][zone]['rule'] %} {%- if pillar['firewalld'][zone]['rule'][rule]['source'] is defined -%} {#- #} {%- endif -%} {%- if pillar['firewalld'][zone]['rule'][rule]['service'] is defined -%} {#- #} {%- elif pillar['firewalld'][zone]['rule'][rule]['port'] is defined -%} {%- set lst=pillar['firewalld'][zone]['rule'][rule]['port'].split('/') %} {%- endif %} <{{ pillar['firewalld'][zone]['rule'][rule]['action'] }}/> {%- endfor -%} {%- endif -%} {#- loop through included zones -#} {%- if pillar['firewalld'][zone]['include'] is defined -%} {%- for include in pillar['firewalld'][zone]['include'] -%} {#- ensure include exists in firewalld pillar -#} {%- if pillar['firewalld'][include] is defined %} {# #} {# #} {#- grab services for this included zone of server -#} {%- if pillar['firewalld'][include]['service'] is defined %} {%- for service in pillar['firewalld'][include]['service'] %} {%- endfor -%} {%- endif -%} {#- grab ports for the this included zone on server -#} {%- if pillar['firewalld'][include]['port'] is defined %} {%- for port in pillar['firewalld'][include]['port'] -%} {%- set lst=port.split('/') %} {%- endfor -%} {%- endif -%} {#- grab specific rules for the this included zone on server -#} {%- if pillar['firewalld'][include]['rule'] is defined %} {%- for rule in pillar['firewalld'][include]['rule'] %} {%- if pillar['firewalld'][include]['rule'][rule]['source'] is defined -%} {#- #} {%- endif -%} {%- if pillar['firewalld'][include]['rule'][rule]['service'] is defined -%} {#- #} {%- elif pillar['firewalld'][include]['rule'][rule]['port'] is defined -%} {%- set lst=pillar['firewalld'][include]['rule'][rule]['port'].split('/') %} {%- endif %} <{{ pillar['firewalld'][include]['rule'][rule]['action'] }}/> {%- endfor -%} {%- endif -%} {%- endif -%} {%- endfor -%} {%- endif -%} {%- endif -%} {%- endif %}