\r
u Insert the number of current users logged in.\r
\r
- U Insert the string "1 user" or "<n> users" where <n> is the number of current users logged in.\r
-\r
- v Insert the version of the OS, that is, the build-date and such.</string>\r
- </stringTable>\r
- <presentationTable>\r
- <presentation id="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061">\r
+ U Insert the string "1 user" or "<n> users" where <n> is the number of current users logged in.
+
+ v Insert the version of the OS, that is, the build-date and such.</string>
+ <string id="CAT_371A8FF5_990F_47DD_B200_D436AC28A4F9">Firewalld</string>
+ <string id="POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978">Zones</string>
+ <string id="POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978_Help">A list of zones to create. Existing zones on the host will be unaffected.
+
+Rule creation for zones is handled in the Rules setting.</string>
+ <string id="POL_B21F349F_4BF6_473E_8452_047D714F156C">Rules</string>
+ <string id="POL_B21F349F_4BF6_473E_8452_047D714F156C_Help">A JSON dictionary, containing zones paired with a list of rules.
+
+For example, to create rules for the Work and Home zones, specify the following JSON:
+
+{
+ "work": [
+ {"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service name": "ftp", "reject": {}},
+ {"rule": {}, "source address": "172.25.1.8", "service name": "ftp", "reject": {}}
+ ],
+ "home": [
+ {"rule": {}, "protocol value": "icmp", "reject": {}},
+ {"rule": {"family": "ipv4"}, "source address": "192.168.1.2/32", "service name": "telnet", "accept": {"limit value": "1/m"}}
+ ]
+}
+
+An improperly formatted JSON will be ignored.
+
+The rule structure loosely follows the Firewalld Rich Language Documentation.
+
+General rule structure:
+{
+ "rule": {
+ "family": "ipv4 | ipv6",
+ "priority": "priority"
+ },
+ "source [not] address | mac | ipset": "address[/mask] | mac-address | ipset",
+ "destination [not] adress": "address[/mask]",
+ "service name": "service name",
+ "port": {
+ "port": "port value",
+ "protocol": "tcp | udp"
+ }
+ "protocol value": "protocol value",
+ "icmp-block name": "icmptype name",
+ "Masquerade": true|false,
+ "icmp-type": "icmptype name",
+ "forward-port": {
+ "port": "port value",
+ "protocol": "tcp | udp",
+ "to-port": "port value",
+ "to-addr": "address"
+ },
+ "source-port": {
+ "port": "port value",
+ "protocol": "tcp | udp"
+ },
+ "log": {
+ "prefix": "prefix text",
+ "level": "emerg | alert | crit | error | warning | notice | info | debug",
+ "limit value": "rate/duration"
+ },
+ "audit": {
+ "limit value": "rate/duration"
+ },
+ "accept" : {
+ "limit value": "rate/duration"
+ } | "reject": {
+ "type": "reject type",
+ "limit value": "rate/duration"
+ } | "drop": {
+ "limit value": "rate/duration"
+ } | "mark": {
+ "set": "mark[/mask]",
+ "limit value": "rate/duration"
+ }
+}</string>
+ </stringTable>
+ <presentationTable>
+ <presentation id="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061">
<listBox refId="LST_2E9A4684_3C0E_415B_8FD6_D4AF68BC8AC6">Script and arguments</listBox>\r
</presentation>\r
<presentation id="POL_825D441F_905E_4C7E_9E4B_03013697C6C1">\r
<presentation id="POL_68E9155C_CB49_428E_AFE0_B89316FFD948">\r
<textBox refId="TXT_8075D9EA_6E15_4B2A_833A_B918EE90856F">\r
<label>Login Prompt Message</label>\r
- <defaultValue>Welcome to \s \r \l</defaultValue>\r
- </textBox>\r
- </presentation>\r
- </presentationTable>\r
- </resources>\r
-</policyDefinitionResources>\r
+ <defaultValue>Welcome to \s \r \l</defaultValue>
+ </textBox>
+ </presentation>
+ <presentation id="POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978">
+ <listBox refId="LST_5B9AE80A_6529_4313_A9A1_764DF5320930">Firewalld Zones</listBox>
+ </presentation>
+ <presentation id="POL_B21F349F_4BF6_473E_8452_047D714F156C">
+ <textBox refId="TXT_76109A0B_AA79_4F69_ADFC_2B3CA52763D2">
+ <label>Firewalld Rules</label>
+ <defaultValue>{}</defaultValue>
+ </textBox>
+ </presentation>
+ </presentationTable>
+ </resources>
+</policyDefinitionResources>
<category name="CAT_9DEF582D_447A_47E9_A1F5_363558D03FA9" displayName="$(string.CAT_9DEF582D_447A_47E9_A1F5_363558D03FA9)">\r
<parentCategory ref="CAT_7D8D7DC8_5A9D_4BE1_8227_F09CDD5AFFC6" />\r
</category>\r
- <category displayName="$(string.CAT_10827749_64ED_5052_87F7_E81AD421856A)" name="CAT_10827749_64ED_5052_87F7_E81AD421856A">\r
- <parentCategory ref="CAT_3338C1DD_8A00_4273_8547_158D8B8C19E9"/>\r
- </category>\r
- </categories>\r
- <policies>\r
- <policy name="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061" class="Both" displayName="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" explainText="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061_Help)" presentation="$(presentation.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" key="Software\Policies\Samba\Unix Settings">\r
+ <category displayName="$(string.CAT_10827749_64ED_5052_87F7_E81AD421856A)" name="CAT_10827749_64ED_5052_87F7_E81AD421856A">
+ <parentCategory ref="CAT_3338C1DD_8A00_4273_8547_158D8B8C19E9"/>
+ </category>
+ <category name="CAT_371A8FF5_990F_47DD_B200_D436AC28A4F9" displayName="$(string.CAT_371A8FF5_990F_47DD_B200_D436AC28A4F9)">
+ <parentCategory ref="CAT_7D8D7DC8_5A9D_4BE1_8227_F09CDD5AFFC6" />
+ </category>
+ </categories>
+ <policies>
+ <policy name="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061" class="Both" displayName="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" explainText="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061_Help)" presentation="$(presentation.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" key="Software\Policies\Samba\Unix Settings">
<parentCategory ref="CAT_2B6D622C_5721_4C23_A2D6_5C70D6E059BA" />\r
<supportedOn ref="windows:SUPPORTED_WindowsVista" />\r
<elements>\r
<parentCategory ref="CAT_9DEF582D_447A_47E9_A1F5_363558D03FA9" />\r
<supportedOn ref="windows:SUPPORTED_WindowsVista" />\r
<elements>\r
- <text id="TXT_8075D9EA_6E15_4B2A_833A_B918EE90856F" key="Software\Policies\Samba\Unix Settings\Messages" valueName="issue" />\r
- </elements>\r
- </policy>\r
- </policies>\r
-</policyDefinitions>\r
+ <text id="TXT_8075D9EA_6E15_4B2A_833A_B918EE90856F" key="Software\Policies\Samba\Unix Settings\Messages" valueName="issue" />
+ </elements>
+ </policy>
+ <policy name="POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978" class="Machine" displayName="$(string.POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978)" explainText="$(string.POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978_Help)" presentation="$(presentation.POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978)" key="Software\Policies\Samba\Unix Settings\Firewalld" valueName="Zones">
+ <parentCategory ref="CAT_371A8FF5_990F_47DD_B200_D436AC28A4F9" />
+ <supportedOn ref="SUPPORTED_SAMBA_4_16" />
+ <elements>
+ <list id="LST_5B9AE80A_6529_4313_A9A1_764DF5320930" key="Software\Policies\Samba\Unix Settings\Firewalld\Zones" />
+ </elements>
+ </policy>
+ <policy name="POL_B21F349F_4BF6_473E_8452_047D714F156C" class="Machine" displayName="$(string.POL_B21F349F_4BF6_473E_8452_047D714F156C)" explainText="$(string.POL_B21F349F_4BF6_473E_8452_047D714F156C_Help)" presentation="$(presentation.POL_B21F349F_4BF6_473E_8452_047D714F156C)" key="Software\Policies\Samba\Unix Settings\Firewalld" valueName="Rules">
+ <parentCategory ref="CAT_371A8FF5_990F_47DD_B200_D436AC28A4F9" />
+ <supportedOn ref="SUPPORTED_SAMBA_4_16" />
+ <elements>
+ <text id="TXT_76109A0B_AA79_4F69_ADFC_2B3CA52763D2" key="Software\Policies\Samba\Unix Settings\Firewalld\Rules" valueName="Rules" />
+ </elements>
+ </policy>
+ </policies>
+</policyDefinitions>