Manage common firewalld rules

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 15:49:48 +01:00 · 2023-01-29 15:49:48 +01:00 · e395f7f0a3
commit e395f7f0a3
parent e62080ae5b
2 changed files with 13 additions and 0 deletions
--- a/pillar/global/init.sls
+++ b/pillar/global/init.sls
@ -11,6 +11,14 @@ managed_header_pound: |
 {%- if grains['os'] == 'SUSE' %}
 zypper:
  refreshdb_force: False
+
+firewalld:
+  zones:
+    internal:
+      ports:
+        - comment: node_exporter
+          port: 9200
+          protocol: tcp
 {%- endif %}

 mine_functions:
--- a/pillar/global/ssh.sls
+++ b/pillar/global/ssh.sls
@ -30,3 +30,8 @@ sshd_config:
  Subsystem: sftp /usr/lib/ssh/sftp-server
  Banner: /etc/ssh/banner

+firewalld:
+  zones:
+    internal:
+      services:
+        - ssh