# == State: firewalld
#
# This state installs/runs firewalld.
#
{% from "firewalld/map.jinja" import firewalld with context %}
{% if salt['grains.get']('osfullname') == "SLES" and salt['grains.get']('osmajorrelease')|int < 15 %}
# Shown instead of managing firewalld on SLES releases older than 15.
# NOTE(review): test.show_notification only reports text and succeeds, so the
# run looks clean while this formula manages no host firewall on such minions;
# packet filtering there has to be provided by other means.
firewalld-unsupported:
  test.show_notification:
    - text: |
        Firewalld is not supported on {{ grains['osfinger'] }}
        See https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#fate-323460
{% elif firewalld.enabled %}
# Pull in the formula's other state files before the states defined below.
# config_firewalld, which service_firewalld requires, is not defined in this
# file; presumably it comes from firewalld.config -- verify.
include:
  - firewalld.config
  - firewalld.ipsets
  - firewalld.backend
  - firewalld.services
  - firewalld.zones
  - firewalld.direct
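# Legacy iptables service that comes with RHEL/CentOS. It must not run
# alongside firewalld, so it is stopped as well as disabled at boot:
# service.disabled alone only removes the boot-time enablement and leaves a
# running instance active.
iptables:
  service.dead:
    - enable: false  # also keep it from starting on boot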
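# Legacy ip6tables service (IPv6 counterpart of iptables). Stopped and
# disabled at boot so it does not run alongside firewalld; service.disabled
# alone would leave a running instance active.
ip6tables:
  service.dead:
    - enable: false  # also keep it from starting on boot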
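# Install the firewalld package; the package name is taken from the settings
# imported from firewalld/map.jinja.
package_firewalld:
  pkg.installed:
    # Quoted so the rendered value always loads as a YAML string, even when
    # it is empty or looks like a boolean or a number.
    - name: '{{ firewalld.package }}'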
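# Start firewalld and enable it at boot, after the package, its configuration
# file state and the legacy iptables/ip6tables service states have been
# applied.
service_firewalld:
  service.running:
    # Quoted so the rendered value always loads as a YAML string.
    - name: '{{ firewalld.service }}'
    - enable: true  # start on boot
    - require:
      - pkg: package_firewalld
      # config_firewalld is not defined in this file; presumably it comes
      # from the included firewalld.config -- verify.
      - file: config_firewalld
      - service: iptables  # legacy IPv4 service state is applied first
      - service: ip6tables  # legacy IPv6 service state is applied first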
# Reload firewalld's configuration. cmd.wait does nothing on its own; it runs
# only when a state it watches reports changes. No watch is declared here, so
# presumably other states of the formula attach to it via watch_in -- verify.
# A reload replaces the runtime rule set with the permanent configuration, so
# runtime-only rules are dropped.
reload_firewalld:
  cmd.wait:
    - name: 'firewall-cmd --reload'
    - require:
      # the daemon has to be running before it can be told to reload
      - service: service_firewalld
{% else %}
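# firewalld is switched off in the formula settings: stop the service and
# keep it from starting at boot.
# NOTE(review): this branch leaves the minion without firewalld and does not
# manage the iptables/ip6tables services; confirm that another packet filter
# covers hosts where the enabled setting is false.
service_firewalld:
  service.dead:
    # Quoted so the rendered value always loads as a YAML string.
    - name: '{{ firewalld.service }}'
    - enable: false  # don't start on boot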
{% endif %}