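<?xml version="1.0" encoding="utf-8"?>
{#-
  firewalld zone file rendered from pillar['firewalld'][zone]; `zone` comes
  from the render context. Keys read per zone: description, source (list),
  service (list), port (list of "port/protocol" strings) and rule (mapping of
  rule name to source, service or port, and action).

  Pillar values placed in XML text or attribute values go through the `e`
  filter, so an &, <, > or quote in the data cannot break the document or
  close an attribute early. Give pillar values raw, not pre-escaped.

  When the firewalld pillar or the zone key is absent, only an empty <zone>
  element is written.
#}
<zone>
{%- if pillar['firewalld'] is defined and pillar['firewalld'][zone] is defined %}
  {%- set cfg = pillar['firewalld'][zone] %}
  <short>{{ zone | e }}</short>

  {#- optional free-text description of the zone #}
  {%- if cfg['description'] is defined %}
  <description>{{ cfg['description'] | e }}</description>
  {%- endif %}

  {#- source addresses bound to this zone #}
  {%- if cfg['source'] is defined %}
  <!-- sources -->
  {%- for source in cfg['source'] %}
  <source address="{{ source | e }}"/>
  {%- endfor %}
  {%- endif %}

  {#- services opened in this zone #}
  {%- if cfg['service'] is defined %}
  <!-- services -->
  {%- for service in cfg['service'] %}
  <service name="{{ service | e }}"/>
  {%- endfor %}
  {%- endif %}

  {#- ports opened in this zone; each entry is split on '/' into port and
      protocol. NOTE(review): an entry without '/' leaves the protocol empty
      under Jinja's default undefined handling; confirm pillar always gives
      "port/protocol". #}
  {%- if cfg['port'] is defined %}
  <!-- ports -->
  {%- for port in cfg['port'] %}
  {%- set lst = port.split('/') %}
  <port protocol="{{ lst[1] | e }}" port="{{ lst[0] | e }}"/>
  {%- endfor %}
  {%- endif %}

  {#- rich rules: one <rule> per entry, always written with family ipv4.
      The rule name is copied into an XML comment, so it must not
      contain "--". #}
  {%- if cfg['rule'] is defined %}
  <!-- rules -->
  {%- for rule in cfg['rule'] %}
  {%- set entry = cfg['rule'][rule] %}
  <rule family="ipv4"><!-- {{ rule }} -->
    {%- if entry['source'] is defined %}
    <source address="{{ entry['source'] | e }}"/>
    {%- endif %}
    {#- a rule matches either a service or a port; service wins when both
        are set #}
    {%- if entry['service'] is defined %}
    <service name="{{ entry['service'] | e }}"/>
    {%- elif entry['port'] is defined %}
    {%- set lst = entry['port'].split('/') %}
    <port protocol="{{ lst[1] | e }}" port="{{ lst[0] | e }}"/>
    {%- endif %}
    {#- NOTE(review): the action is written verbatim as the element name and
        is neither validated nor escaped, so existing pillar values render
        unchanged. Whatever pillar holds becomes markup inside the firewall
        rule, and a missing action renders an empty element name, which is
        not well-formed XML. Restrict pillar to the rich-rule actions
        firewalld defines (accept, reject, drop, mark) and validate the
        rendered file before it is deployed. #}
    <{{ entry['action'] }}/>
  </rule>
  {%- endfor %}
  {%- endif %}
{%- endif %}
</zone>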