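---
# Role defaults for firewalld. Booleans are written as lowercase
# true/false so that YAML 1.1 and 1.2 parsers (and yamllint's truthy
# check) agree on their type.
firewalld_enabled: true
firewalld_default_zone: public
# Keep zone drifting disabled: with it enabled, a packet that does not
# match its interface zone can fall through to another zone's rules,
# which weakens the per-zone policy defined below.
firewalld_allow_zone_drifting: false

# @var firewalld_ipsets:description: A firewalld ipset configuration provides the information of an ip set for firewalld.
# @var firewalld_ipsets:example: >
# firewalld_ipsets:
#   - name: appserver
#     type: "hash:net"
#     short: "App Servers"
#     description: "Allow http access from all appservers"
#     option: {}
#     entry:
#       - 192.168.2.1
#       - 192.168.2.2
# @end
firewalld_ipsets: []
firewalld_ipsets_extra: []

# @var firewalld_services:description: >
# A firewalld service can be a list of local ports and destinations and additionally also a list of firewall helper modules
# automatically loaded if a service is enabled.
# @var firewalld_services:example: >
# - name: ""
#   short: ""
#   description: ""
#   port: []
#   protocol: []
#   source_port: []
#   module: []
#   destination: {}
firewalld_services: []
firewalld_services_extra: []

# @var firewalld_zones:example: >
# firewalld_zones:
#   - name: ""
#     short: ""
#     description: ""
#     target: ""
#     interface:
#       - name: ""
#     source:
#       - address: ""
#       - mac: ""
#       - ipset: ""
#     service:
#       - name: ""
#     port:
#       - { port: "", protocol: "" }
#     protocol:
#       - value:
#     icmp-block:
#       - name:
#     icmp-block-inversion: true
#     masquerade: true
#     forward: true
#     forward-port:
#       - { port: "", protocol: "" }
#     source-port:
#       - { port: "", protocol: "" }
#     rule:
#       - source: { address: "", mac: "", ipset: "" }
#         destination: { address: "", mac: "", ipset: "" }
#         service: { name: "" }
#         port: { port: "", protocol: "" }
#         protocol: { value: "" }
#         icmp-block:
#           name: ""
#         icmp-type:
#           name: ""
#         masquerade: true
#         forward-port:
#           port: ""
#           protocol: ""
#           to-port: ""
#           to-addr: ""
#         source-port:
#           port: ""
#           protocol: ""
#         log:
#           prefix: ""
#           level: ""
#           limit: ""
#         audit:
#           limit: ""
#         accept:
#           limit: ""
#         reject:
#           rejecttype: ""
#           limit: ""
#         drop:
#           limit: ""
#         mark:
#           set:
#           limit: ""
# @end
# Default zone definition. Only the services listed here are reachable
# from the public zone; remove any entry the host does not actually
# need (e.g. cockpit when the web console is not in use) to keep the
# exposed surface minimal.
firewalld_zones:
  - name: "public"
    short: "Public"
    description: >-
      For use in public areas. You do not trust the other computers on
      networks to not harm your computer. Only selected incoming
      connections are accepted.
    service:
      - name: ssh
      - name: dhcpv6-client
      - name: cockpit
firewalld_zones_extra: []
# Zones listed here are left untouched by the role rather than removed.
firewalld_zones_unmanaged: []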