113 lines
2.7 KiB
YAML
113 lines
2.7 KiB
YAML
---
|
|
firewalld_enabled: True
|
|
|
|
firewalld_default_zone: public
|
|
firewalld_allow_zone_drifting: False
|
|
|
|
# @var firewalld_ipsets:description: A firewalld ipset configuration provides the information of an ip set for firewalld.
|
|
# @var firewalld_ipsets:example: >
|
|
# firewalld_ipsets:
|
|
# - name: appserver
|
|
# type: "hash:net"
|
|
# short: "App Servers"
|
|
# description: "Allow http access from all appservers"
|
|
# option: {}
|
|
# entry:
|
|
# - 192.168.2.1
|
|
# - 192.168.2.2
|
|
# @end
|
|
firewalld_ipsets: []
|
|
firewalld_ipsets_extra: []
|
|
|
|
# @var firewalld_services:description: >
|
|
# A firewalld service can be a list of local ports and destinations and additionally also a list of firewall helper modules
|
|
# automatically loaded if a service is enabled.
|
|
# @var firewalld_services:example: >
|
|
# - name: ""
|
|
# short: ""
|
|
# description: ""
|
|
# port: []
|
|
# protocol: []
|
|
# source_port: []
|
|
# module: []
|
|
# destination: {}
|
|
firewalld_services: []
|
|
firewalld_services_extra: []
|
|
|
|
# @var firewalld_zones:example: >
|
|
# firewalld_zones:
|
|
# - name: ""
|
|
# short: ""
|
|
# description: ""
|
|
# target: ""
|
|
# interface:
|
|
# - name: ""
|
|
# source:
|
|
# - address: ""
|
|
# - mac: ""
|
|
# - ipset: ""
|
|
# service:
|
|
# - name: ""
|
|
# port:
|
|
# - { port: "", protocol: "" }
|
|
# protocol:
|
|
# - value:
|
|
# icmp-block:
|
|
# - name:
|
|
# icmp-block-inversion: true
|
|
# masquerade: true
|
|
# forward: true
|
|
# forward-port:
|
|
# - { port: "", protocol: "" }
|
|
# source-port:
|
|
# - { port: "", protocol: "" }
|
|
# rule:
|
|
# - source: { address: "", mac: "", ipset: ""}
|
|
# destination: { address: "", mac: "", ipset: ""}
|
|
# service: {name: ""}
|
|
# port: {port: "", protocol: ""}
|
|
# protocol: {value: ""}
|
|
# icmp-block:
|
|
# name: ""
|
|
# icmp-type:
|
|
# name: ""
|
|
# masquerade: true
|
|
# forward-port:
|
|
# port: ""
|
|
# protocol: ""
|
|
# to-port: ""
|
|
# to-addr: ""
|
|
# source-port:
|
|
# port: ""
|
|
# protocol: ""
|
|
# log:
|
|
# prefix: ""
|
|
# level: ""
|
|
# limit: ""
|
|
# audit:
|
|
# limit: ""
|
|
# accept:
|
|
# limit: ""
|
|
# reject:
|
|
# rejecttype: ""
|
|
# limit: ""
|
|
# drop:
|
|
# limit: ""
|
|
# mark:
|
|
# set:
|
|
# limit: ""
|
|
# end
|
|
firewalld_zones:
|
|
- name: "public"
|
|
short: "Public"
|
|
description: >-
|
|
For use in public areas. You do not trust the other computers on networks
|
|
to not harm your computer. Only selected incoming connections are accepted.
|
|
service:
|
|
- name: ssh
|
|
- name: dhcpv6-client
|
|
- name: cockpit
|
|
firewalld_zones_extra: []
|
|
|
|
firewalld_zones_unmanaged: []
|