<?xml version="1.0" encoding="utf-8"?>
<zone>
{#- ensure that zone exists in firewalld pillar -#}
{%- if pillar['firewalld'] is defined -%}
{%- if pillar['firewalld'][zone] is defined %}
<short>{{ zone }}</short>
{#- check if there's a description of this zone and add it if applicable- #}
{%- if pillar['firewalld'][zone]['description'] is defined %}
<description>{{ pillar['firewalld'][zone]['description'] }}</description>
{% endif %}
{#- grab sources if applicable -#}
{%- if pillar['firewalld'][zone]['source'] is defined %}
<!-- sources -->
{%- for source in pillar['firewalld'][zone]['source'] %}
<source address="{{ source }}"/>
{%- endfor -%}
{%- endif -%}
{#- grab services for this zone of server -#}
{%- if pillar['firewalld'][zone]['service'] is defined %}
<!-- services -->
{%- for service in pillar['firewalld'][zone]['service'] %}
<service name="{{ service }}"/>
{%- endfor -%}
{%- endif -%}
{#- grab ports for the this zone on server -#}
{%- if pillar['firewalld'][zone]['port'] is defined %}
<!-- ports -->
{%- for port in pillar['firewalld'][zone]['port'] -%}
{%- set lst=port.split('/') %}
<port protocol="{{ lst[1] }}" port= "{{ lst[0] }}"/>
{%- endfor -%}
{%- endif -%}
{#- grab specific rules for the this zone on server -#}
{%- if pillar['firewalld'][zone]['rule'] is defined %}
<!-- rules -->
{%- for rule in pillar['firewalld'][zone]['rule'] %}
<rule family="ipv4"><!-- {{ rule }} -->
{%- if pillar['firewalld'][zone]['rule'][rule]['source'] is defined -%}
{#- #}
<source address="{{ pillar['firewalld'][zone]['rule'][rule]['source'] }}"/>
{%- endif -%}
{%- if pillar['firewalld'][zone]['rule'][rule]['service'] is defined -%}
{#- #}
<service name="{{ pillar['firewalld'][zone]['rule'][rule]['service'] }}"/>
{%- elif pillar['firewalld'][zone]['rule'][rule]['port'] is defined -%}
{%- set lst=pillar['firewalld'][zone]['rule'][rule]['port'].split('/') %}
<port protocol="{{ lst[1] }}" port="{{ lst[0] }}"/>
{%- endif %}
<{{ pillar['firewalld'][zone]['rule'][rule]['action'] }}/>
</rule>
{%- endfor -%}
{%- endif -%}
{#- loop through included zones -#}
{%- if pillar['firewalld'][zone]['include'] is defined -%}
{%- for include in pillar['firewalld'][zone]['include'] -%}
{#- ensure include exists in firewalld pillar -#}
{%- if pillar['firewalld'][include] is defined %}
{# #}
{# #}
<!-- included from: {{ include }}-->
{#- grab services for this included zone of server -#}
{%- if pillar['firewalld'][include]['service'] is defined %}
<!-- services -->
{%- for service in pillar['firewalld'][include]['service'] %}
<service name="{{ service }}"/>
{%- endfor -%}
{%- endif -%}
{#- grab ports for the this included zone on server -#}
{%- if pillar['firewalld'][include]['port'] is defined %}
<!-- ports -->
{%- for port in pillar['firewalld'][include]['port'] -%}
{%- set lst=port.split('/') %}
<port protocol="{{ lst[1] }}" port= "{{ lst[0] }}"/>
{%- endfor -%}
{%- endif -%}
{#- grab specific rules for the this included zone on server -#}
{%- if pillar['firewalld'][include]['rule'] is defined %}
<!-- rules -->
{%- for rule in pillar['firewalld'][include]['rule'] %}
<rule family="ipv4"><!-- {{ rule }} -->
{%- if pillar['firewalld'][include]['rule'][rule]['source'] is defined -%}
{#- #}
<source address="{{ pillar['firewalld'][include]['rule'][rule]['source'] }}"/>
{%- endif -%}
{%- if pillar['firewalld'][include]['rule'][rule]['service'] is defined -%}
{#- #}
<service name="{{ pillar['firewalld'][include]['rule'][rule]['service'] }}"/>
{%- elif pillar['firewalld'][include]['rule'][rule]['port'] is defined -%}
{%- set lst=pillar['firewalld'][include]['rule'][rule]['port'].split('/') %}
<port protocol="{{ lst[1] }}" port="{{ lst[0] }}"/>
{%- endif %}
<{{ pillar['firewalld'][include]['rule'][rule]['action'] }}/>
</rule>
{%- endfor -%}
{%- endif -%}
{%- endif -%}
{%- endfor -%}
{%- endif -%}
{%- endif -%}
{%- endif %}
</zone>