

saltstack firewalld formula rich rules example

[root@host]# cat /srv/pillar/firewalld/init.sls
# CentOS7 FirewallD firewall
# Pillar data for the SaltStack firewalld formula. The file is rendered
# through Jinja before it is parsed as YAML, so the ports list below can
# differ from one minion to the next.
firewalld:
  enabled: True
  default_zone: public
  zones:
    public:
      short: Public
      description: "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted."
      # Services opened in the public zone for every source address.
      # NOTE(review): zabbixcustom and salt-minion look like locally defined
      # firewalld services; their definitions are not shown here - confirm
      # they exist on the target hosts.
      services:
        - http
        - zabbixcustom
        - https
        - ssh
        - salt-minion
      # Rich rule: accept ALL IPv4 traffic from the source network, with no
      # service or port restriction, so it bypasses the lists in this zone.
      # NOTE(review): 8.8.8.8/24 has host bits set (the /24 it names is
      # 8.8.8.0-8.8.8.255) and is presumably a placeholder. Substitute your
      # own trusted network in network-address form, and narrow the rule to
      # a service or port wherever a blanket accept is not required.
      rich_rules:
        - family: ipv4
          source:
              address: 8.8.8.8/24
          accept: true
      # Individual ports opened in the public zone for every source address.
      # The Jinja conditional below adds 4505/tcp and 4506/tcp (the Salt
      # master's default publish and return ports) only for the minion whose
      # ID matches. The minion ID is the one grain Salt's documentation
      # treats as safe for pillar targeting; other grains are set by the
      # minion itself and should not gate sensitive data.
      # NOTE(review): consider limiting the master ports to the minion
      # networks with a source-restricted rich rule instead of opening them
      # to the whole zone.
      ports:
{% if grains['id'] == 'myhost.alexlinux.lan' %}
        - comment: salt-master
          port: 4505
          protocol: tcp
        - comment: salt-python
          port: 4506
          protocol: tcp
{% endif %}
        # Agent ports for monitoring and backup.
        # NOTE(review): only the Zabbix server and the Bacula director need
        # to reach these; a source-restricted rich rule would be tighter.
        - comment: zabbix-agent
          port: 10050
          protocol: tcp
        - comment: bacula-client
          port: 9102
          protocol: tcp
        # FTP control channel only; credentials cross it in clear text
        # unless TLS is enabled in vsftpd.
        # NOTE(review): no passive data port range is opened here - confirm
        # how data connections are handled.
        - comment: vsftpd
          port: 21
          protocol: tcp
