From f4339dae0072eb7bbe1eb731ec4a11f31632ef7b Mon Sep 17 00:00:00 2001
From: hygienic-books
Date: Tue, 5 Jul 2022 04:46:30 +0200
Subject: [PATCH] feat(config): Add iptables connection state options
---
 examples/config.ini.example | 4 +++-
 update-firewall-source.py | 14 ++++++++------
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/examples/config.ini.example b/examples/config.ini.example
index 57653fc..79b679d 100644
--- a/examples/config.ini.example
+++ b/examples/config.ini.example
@@ -3,7 +3,9 @@ target = ACCEPT
 addr =
 ports = 80, 443
 proto = tcp
-do_config_check = true
+state = NEW
+do_ipv6 = false
+firewalld_direct_file_abs = /etc/firewalld/direct.xml
 restart_firewalld_after_change = true
 [anyone-can-access-website]
diff --git a/update-firewall-source.py b/update-firewall-source.py
index 97e24af..6ed1850 100644
--- a/update-firewall-source.py
+++ b/update-firewall-source.py
@@ -49,12 +49,14 @@ class CONST(object):
 # an empty string. An example config.ini file may give a sane config example value here, removing that value
 # still results in a valid file.
 CFG_KNOWN_DEFAULTS = [
- {"key": "target", "value": "ACCEPT", "is_global": False},
- {"key": "addr", "value": "", "is_global": False},
- {"key": "ports", "value": "80, 443", "is_global": False},
- {"key": "proto", "value": "tcp", "is_global": False},
- {"key": "do_config_check", "value": "true", "is_global": True},
- {"key": "restart_firewalld_after_change", "value": "true", "is_global": True}
+ {"key": "target", "value": "ACCEPT", "is_global": False, "empty_ok": False},
+ {"key": "addr", "value": "", "is_global": False, "empty_ok": True},
+ {"key": "ports", "value": "80, 443", "is_global": False, "empty_ok": True},
+ {"key": "proto", "value": "tcp", "is_global": False, "empty_ok": True},
+ {"key": "state", "value": "NEW", "is_global": False, "empty_ok": True},
+ {"key": "do_ipv6", "value": "false", "is_global": False, "empty_ok": False},
+ {"key": "firewalld_direct_abs", "value": "/etc/firewalld/direct.xml", "is_global": True, "empty_ok": False},
+ {"key": "restart_firewalld_after_change", "value": "true", "is_global": True, "empty_ok": False}
 ]
 # In all sections other than 'default' the following settings are known and accepted. We ignore other settings.
 # Per CFG_KNOWN_DEFAULTS above most '[DEFAULT]' options are accepted by virtue of being defaults and overridable.
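Review bot: The new entry in `CFG_KNOWN_DEFAULTS` is keyed `firewalld_direct_abs`, but the example config changed in this same commit sets `firewalld_direct_file_abs`, so the two spellings cannot both be the one the script reads. If an unrecognised key in `[DEFAULT]` is ignored (the trailing comment says other settings are ignored, at least in non-default sections), an operator who copies the example would have the path override dropped silently and rules written to the built-in `/etc/firewalld/direct.xml` instead. Use one name in both places, e.g. `{"key": "firewalld_direct_file_abs", "value": "/etc/firewalld/direct.xml", "is_global": True, "empty_ok": False},`. Separately, `state` is free text with `"empty_ok": True` and its consumer is outside this hunk, so confirm it is checked against the known connection states before being written into the direct rules, and that an empty value is handled deliberately. The `CONST` class body starts and ends outside the hunk.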