root/usr/share/firewall4/templates/zone-verdict.uc

   1 {%+ if (rule.family): -%}
   2         meta nfproto {{ fw4.nfproto(rule.family) }} {%+ endif -%}
   3 {%+ if (rule.devices_pos): -%}
   4         {{ egress ? "oifname" : "iifname" }} {{ fw4.set(rule.devices_pos) }} {%+ endif -%}
   5 {%+ if (rule.devices_neg): -%}
   6         {{ egress ? "oifname" : "iifname"
   7         }} != {{ fw4.set(rule.devices_neg) }} {%+ endif -%}
   8 {%+ if (rule.subnets_pos): -%}
   9         {{ fw4.ipproto(rule.family) }} {{ egress ? "daddr" : "saddr" }} {{ fw4.set(rule.subnets_pos) }} {%+ endif -%}
  10 {%+ if (rule.subnets_neg): -%}
  11         {{ fw4.ipproto(rule.family) }} {{ egress ? "daddr" : "saddr" }} != {{ fw4.set(rule.subnets_neg) }} {%+ endif -%}
  12 {%+ if (zone.counter): -%}
  13         counter {%+ endif -%}
  14 {%+ if (verdict != "accept" && (zone.log & 1)): -%}
  15         log prefix "{{ verdict }} {{ zone.name }} {{ egress ? "out" : "in" }}: " {%+ endif -%}
  16 {% if (verdict == "reject"): -%}
  17         jump handle_reject comment "!fw4: reject {{ zone.name }} {{ fw4.nfproto(rule.family, true) }} traffic"
  18 {% else -%}
  19         {{ verdict }} comment "!fw4: {{ verdict }} {{ zone.name }} {{ fw4.nfproto(rule.family, true) }} traffic"
  20 {% endif -%}