author | David Mulder <dmulder@suse.com> | 2021-10-06 12:46:26 -0600 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2021-10-25 08:31:31 +0000 |
commit | 7253405c35247dff192e86598b18d524e1602818 (patch) | |
tree | 7df628f11bb4f8ebd1042821df9f9a2c63245f1f /libgpo | |
parent | 5094d986b7686f057195dcb10764295b88967019 (diff) | |
download | samba-7253405c35247dff192e86598b18d524e1602818.tar.gz |
gp: Add Firewalld ADMX templates
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'libgpo')
-rwxr-xr-x | libgpo/admx/en-US/samba.adml | 105 | ||||
-rwxr-xr-x | libgpo/admx/samba.admx | 39 |
2 files changed, 121 insertions, 23 deletions
diff --git a/libgpo/admx/en-US/samba.adml b/libgpo/admx/en-US/samba.adml
index a954c41a7d0..ad3a37ca142 100755
--- a/libgpo/admx/en-US/samba.adml
+++ b/libgpo/admx/en-US/samba.adml
@@ -3124,12 +3124,84 @@ Example: 192.9.200.1 192.168.2.61</string>
 u Insert the number of current users logged in.
- U Insert the string "1 user" or "<n> users" where <n> is the number of current users logged in.
-
- v Insert the version of the OS, that is, the build-date and such.</string>
- </stringTable>
- <presentationTable>
- <presentation id="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061">
+ U Insert the string "1 user" or "<n> users" where <n> is the number of current users logged in.
+
+ v Insert the version of the OS, that is, the build-date and such.</string>
+ <string id="CAT_371A8FF5_990F_47DD_B200_D436AC28A4F9">Firewalld</string>
+ <string id="POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978">Zones</string>
+ <string id="POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978_Help">A list of zones to create. Existing zones on the host will be unaffected.
+
+Rule creation for zones is handled in the Rules setting.</string>
+ <string id="POL_B21F349F_4BF6_473E_8452_047D714F156C">Rules</string>
+ <string id="POL_B21F349F_4BF6_473E_8452_047D714F156C_Help">A JSON dictionary, containing zones paired with a list of rules.
+
+For example, to create rules for the Work and Home zones, specify the following JSON:
+
+{
+ "work": [
+ {"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service name": "ftp", "reject": {}},
+ {"rule": {}, "source address": "172.25.1.8", "service name": "ftp", "reject": {}}
+ ],
+ "home": [
+ {"rule": {}, "protocol value": "icmp", "reject": {}},
+ {"rule": {"family": "ipv4"}, "source address": "192.168.1.2/32", "service name": "telnet", "accept": {"limit value": "1/m"}}
+ ]
+}
+
+An improperly formatted JSON will be ignored.
+
+The rule structure loosely follows the Firewalld Rich Language Documentation.
+
+General rule structure:
+{
+ "rule": {
+ "family": "ipv4 | ipv6",
+ "priority": "priority"
+ },
+ "source [not] address | mac | ipset": "address[/mask] | mac-address | ipset",
+ "destination [not] adress": "address[/mask]",
+ "service name": "service name",
+ "port": {
+ "port": "port value",
+ "protocol": "tcp | udp"
+ }
+ "protocol value": "protocol value",
+ "icmp-block name": "icmptype name",
+ "Masquerade": true|false,
+ "icmp-type": "icmptype name",
+ "forward-port": {
+ "port": "port value",
+ "protocol": "tcp | udp",
+ "to-port": "port value",
+ "to-addr": "address"
+ },
+ "source-port": {
+ "port": "port value",
+ "protocol": "tcp | udp"
+ },
+ "log": {
+ "prefix": "prefix text",
+ "level": "emerg | alert | crit | error | warning | notice | info | debug",
+ "limit value": "rate/duration"
+ },
+ "audit": {
+ "limit value": "rate/duration"
+ },
+ "accept" : {
+ "limit value": "rate/duration"
+ } | "reject": {
+ "type": "reject type",
+ "limit value": "rate/duration"
+ } | "drop": {
+ "limit value": "rate/duration"
+ } | "mark": {
+ "set": "mark[/mask]",
+ "limit value": "rate/duration"
+ }
+}</string>
+ </stringTable>
+ <presentationTable>
+ <presentation id="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061">
 <listBox refId="LST_2E9A4684_3C0E_415B_8FD6_D4AF68BC8AC6">Script and arguments</listBox>
</presentation>
<presentation id="POL_825D441F_905E_4C7E_9E4B_03013697C6C1">
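Review bot: The "General rule structure" template in the Rules help string is not valid JSON as written: the `"port": { … }` block closes with `}` and no comma before `"protocol value"`, and the destination key is spelled `"destination [not] adress"`. The same help text states that improperly formatted JSON is ignored, so an administrator who builds a policy from this template could end up with a GPO that applies none of the intended firewall rules without any error. I would change those two lines to `},` and `"destination [not] address": "address[/mask]",`. Whether the client-side extension matches the key text literally is not visible in this diff, so the corrected spelling should be checked against the parser.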
@@ -4642,9 +4714,18 @@ Example: 192.9.200.1 192.168.2.61</string>
 <presentation id="POL_68E9155C_CB49_428E_AFE0_B89316FFD948">
<textBox refId="TXT_8075D9EA_6E15_4B2A_833A_B918EE90856F">
<label>Login Prompt Message</label>
- <defaultValue>Welcome to \s \r \l</defaultValue>
- </textBox>
- </presentation>
- </presentationTable>
- </resources>
-</policyDefinitionResources>
+ <defaultValue>Welcome to \s \r \l</defaultValue>
+ </textBox>
+ </presentation>
+ <presentation id="POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978">
+ <listBox refId="LST_5B9AE80A_6529_4313_A9A1_764DF5320930">Firewalld Zones</listBox>
+ </presentation>
+ <presentation id="POL_B21F349F_4BF6_473E_8452_047D714F156C">
+ <textBox refId="TXT_76109A0B_AA79_4F69_ADFC_2B3CA52763D2">
+ <label>Firewalld Rules</label>
+ <defaultValue>{}</defaultValue>
+ </textBox>
+ </presentation>
+ </presentationTable>
+ </resources>
+</policyDefinitionResources>
diff --git a/libgpo/admx/samba.admx b/libgpo/admx/samba.admx
index d09956d5394..877c9f2ba23 100755
--- a/libgpo/admx/samba.admx
+++ b/libgpo/admx/samba.admx
@@ -17,12 +17,15 @@
 <category name="CAT_9DEF582D_447A_47E9_A1F5_363558D03FA9" displayName="$(string.CAT_9DEF582D_447A_47E9_A1F5_363558D03FA9)">
<parentCategory ref="CAT_7D8D7DC8_5A9D_4BE1_8227_F09CDD5AFFC6" />
</category>
- <category displayName="$(string.CAT_10827749_64ED_5052_87F7_E81AD421856A)" name="CAT_10827749_64ED_5052_87F7_E81AD421856A">
- <parentCategory ref="CAT_3338C1DD_8A00_4273_8547_158D8B8C19E9"/>
- </category>
- </categories>
- <policies>
- <policy name="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061" class="Both" displayName="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" explainText="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061_Help)" presentation="$(presentation.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" key="Software\Policies\Samba\Unix Settings">
+ <category displayName="$(string.CAT_10827749_64ED_5052_87F7_E81AD421856A)" name="CAT_10827749_64ED_5052_87F7_E81AD421856A">
+ <parentCategory ref="CAT_3338C1DD_8A00_4273_8547_158D8B8C19E9"/>
+ </category>
+ <category name="CAT_371A8FF5_990F_47DD_B200_D436AC28A4F9" displayName="$(string.CAT_371A8FF5_990F_47DD_B200_D436AC28A4F9)">
+ <parentCategory ref="CAT_7D8D7DC8_5A9D_4BE1_8227_F09CDD5AFFC6" />
+ </category>
+ </categories>
+ <policies>
+ <policy name="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061" class="Both" displayName="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" explainText="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061_Help)" presentation="$(presentation.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" key="Software\Policies\Samba\Unix Settings">
 <parentCategory ref="CAT_2B6D622C_5721_4C23_A2D6_5C70D6E059BA" />
<supportedOn ref="windows:SUPPORTED_WindowsVista" />
<elements>
@@ -2525,8 +2528,22 @@
 <parentCategory ref="CAT_9DEF582D_447A_47E9_A1F5_363558D03FA9" />
<supportedOn ref="windows:SUPPORTED_WindowsVista" />
<elements>
- <text id="TXT_8075D9EA_6E15_4B2A_833A_B918EE90856F" key="Software\Policies\Samba\Unix Settings\Messages" valueName="issue" />
- </elements>
- </policy>
- </policies>
-</policyDefinitions>
+ <text id="TXT_8075D9EA_6E15_4B2A_833A_B918EE90856F" key="Software\Policies\Samba\Unix Settings\Messages" valueName="issue" />
+ </elements>
+ </policy>
+ <policy name="POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978" class="Machine" displayName="$(string.POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978)" explainText="$(string.POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978_Help)" presentation="$(presentation.POL_ADABE9E0_FFF9_4FFE_A105_03E646C79978)" key="Software\Policies\Samba\Unix Settings\Firewalld" valueName="Zones">
+ <parentCategory ref="CAT_371A8FF5_990F_47DD_B200_D436AC28A4F9" />
+ <supportedOn ref="SUPPORTED_SAMBA_4_16" />
+ <elements>
+ <list id="LST_5B9AE80A_6529_4313_A9A1_764DF5320930" key="Software\Policies\Samba\Unix Settings\Firewalld\Zones" />
+ </elements>
+ </policy>
+ <policy name="POL_B21F349F_4BF6_473E_8452_047D714F156C" class="Machine" displayName="$(string.POL_B21F349F_4BF6_473E_8452_047D714F156C)" explainText="$(string.POL_B21F349F_4BF6_473E_8452_047D714F156C_Help)" presentation="$(presentation.POL_B21F349F_4BF6_473E_8452_047D714F156C)" key="Software\Policies\Samba\Unix Settings\Firewalld" valueName="Rules">
+ <parentCategory ref="CAT_371A8FF5_990F_47DD_B200_D436AC28A4F9" />
+ <supportedOn ref="SUPPORTED_SAMBA_4_16" />
+ <elements>
+ <text id="TXT_76109A0B_AA79_4F69_ADFC_2B3CA52763D2" key="Software\Policies\Samba\Unix Settings\Firewalld\Rules" valueName="Rules" />
+ </elements>
+ </policy>
+ </policies>
+</policyDefinitions> |
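Review bot: The `text` element `TXT_76109A0B_AA79_4F69_ADFC_2B3CA52763D2` of the Rules policy sets no `maxLength`, so the ADMX default length limit applies to a field meant to hold a whole JSON dictionary of rules for several zones. The accompanying help text says improperly formatted JSON is ignored, so a rule set that is cut short or does not fit would presumably leave the host without the intended firewall rules. I would set an explicit limit agreed with the client-side extension, for example `maxLength="N"` on that `text` element with N chosen by the project. It is also worth confirming that `SUPPORTED_SAMBA_4_16` is defined in this file's `supportedOn` definitions, which are not visible in this hunk, since the neighbouring policies reference `windows:SUPPORTED_WindowsVista` instead.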