From: David Mulder
Date: Wed, 6 Oct 2021 18:46:26 +0000 (-0600)
Subject: gp: Add Firewalld ADMX templates
X-Git-Tag: ldb-2.5.0~361
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7253405c35247dff192e86598b18d524e1602818;p=thirdparty%2Fsamba.git

gp: Add Firewalld ADMX templates

Signed-off-by: David Mulder
Reviewed-by: Andreas Schneider
---

diff --git a/libgpo/admx/en-US/samba.adml b/libgpo/admx/en-US/samba.adml
index a954c41a7d0..ad3a37ca142 100755
--- a/libgpo/admx/en-US/samba.adml
+++ b/libgpo/admx/en-US/samba.adml
@@ -3124,12 +3124,84 @@ Example: 192.9.200.1 192.168.2.61 u Insert the number of current users logged in. - U Insert the string "1 user" or "<n> users" where <n> is the number of current users logged in. - - v Insert the version of the OS, that is, the build-date and such. - - - + U Insert the string "1 user" or "<n> users" where <n> is the number of current users logged in. + + v Insert the version of the OS, that is, the build-date and such. + Firewalld + Zones + A list of zones to create. Existing zones on the host will be unaffected. + +Rule creation for zones is handled in the Rules setting. + Rules + A JSON dictionary, containing zones paired with a list of rules. + +For example, to create rules for the Work and Home zones, specify the following JSON: + +{ + "work": [ + {"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service name": "ftp", "reject": {}}, + {"rule": {}, "source address": "172.25.1.8", "service name": "ftp", "reject": {}} + ], + "home": [ + {"rule": {}, "protocol value": "icmp", "reject": {}}, + {"rule": {"family": "ipv4"}, "source address": "192.168.1.2/32", "service name": "telnet", "accept": {"limit value": "1/m"}} + ] +} + +An improperly formatted JSON will be ignored. + +The rule structure loosely follows the Firewalld Rich Language Documentation. 
+ +General rule structure: +{ + "rule": { + "family": "ipv4 | ipv6", + "priority": "priority" + }, + "source [not] address | mac | ipset": "address[/mask] | mac-address | ipset", + "destination [not] adress": "address[/mask]", + "service name": "service name", + "port": { + "port": "port value", + "protocol": "tcp | udp" + } + "protocol value": "protocol value", + "icmp-block name": "icmptype name", + "Masquerade": true|false, + "icmp-type": "icmptype name", + "forward-port": { + "port": "port value", + "protocol": "tcp | udp", + "to-port": "port value", + "to-addr": "address" + }, + "source-port": { + "port": "port value", + "protocol": "tcp | udp" + }, + "log": { + "prefix": "prefix text", + "level": "emerg | alert | crit | error | warning | notice | info | debug", + "limit value": "rate/duration" + }, + "audit": { + "limit value": "rate/duration" + }, + "accept" : { + "limit value": "rate/duration" + } | "reject": { + "type": "reject type", + "limit value": "rate/duration" + } | "drop": { + "limit value": "rate/duration" + } | "mark": { + "set": "mark[/mask]", + "limit value": "rate/duration" + } +} + + + Script and arguments @@ -4642,9 +4714,18 @@ Example: 192.9.200.1 192.168.2.61 - Welcome to \s \r \l - - - - - + Welcome to \s \r \l + + + + Firewalld Zones + + + + + {} + + + + + diff --git a/libgpo/admx/samba.admx b/libgpo/admx/samba.admx index d09956d5394..877c9f2ba23 100755 --- a/libgpo/admx/samba.admx +++ b/libgpo/admx/samba.admx @@ -17,12 +17,15 @@ - - - - - - + + + + + + + + + @@ -2525,8 +2528,22 @@ - - - - - + + + + + + + + + + + + + + + + + + +
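Review bot: The `General rule structure` template in the Rules help text of samba.adml (first hunk) is not valid JSON as written: the `"port": { … }` object closes with `}` and no comma before `"protocol value"`, and the key `"destination [not] adress"` looks like a typo for `address`. The same help string states that improperly formatted JSON will be ignored, so an administrator who adapts this template can end up with a policy whose firewall rules are never applied, with nothing in the template text to warn them. I would change those lines to `},` and `"destination [not] address": "address[/mask]",`, and confirm against the extension's parser whether the capitalised `"Masquerade"` key is the spelling it accepts, since every other key in the template is lower-case. If the extension reports the parse failure anywhere, the sentence `An improperly formatted JSON will be ignored.` should also say where; that code is outside this diff, so I cannot tell whether it does.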