saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f5c2acbd3a
firewalld-formula/firewalld/ipsets.sls

84 lines
2.3 KiB
Plaintext
Raw Normal View History

add ipset support for firewalld
2016-09-03 21:43:40 +02:00
# == State: firewalld.ipsets
#
# This state ensures that /etc/firewalld/ipsets/ exists.
#
{% from "firewalld/map.jinja" import firewalld with context %}
Refactor ipset format, add backward compatibility See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
2018-08-25 23:27:37 +02:00
# Backward compatibility setting and deprecation notices
{% set ipset_manage = false %}
{% set ipset_pkg = 'ipset' %}
{% set ipset_sets = firewalld.ipsets %}
{% if firewalld.ipset is mapping %}
{% set ipset_manage = firewalld.ipset.manage %}
{% set ipset_pkg = firewalld.ipset.pkg %}
{% else %}
### Manage setting (old firewalld:ipset)
firewalld-ipset-deprecated:
test.show_notification:
- text: |
'firewalld:ipset' format has changed and setting it as boolean is deprecated.
Set 'firewalld:ipset:manage' instead.
See firewalld/pillar.example for more information
{% set ipset_manage = firewalld.ipset %}
{% endif %}
### Package setting (old firewalld:ipsetpackage)
{% if firewalld.ipsetpackage is defined %}
firewalld-ipsetpackage-deprecated:
test.show_notification:
- text: |
'firewalld:ipsetpackage' is deprecated. Use 'firewalld:ipset:pkg' instead
See firewalld/pillar.example for more information
{% set ipset_pkg = firewalld.ipsetpackage %}
{% endif %}
{%- if ipset_manage %}
add ipset support for firewalld
2016-09-03 21:43:40 +02:00
package_ipset:
pkg.installed:
Refactor ipset format, add backward compatibility See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
2018-08-25 23:27:37 +02:00
- name: {{ ipset_pkg }}
add ipset support for firewalld
2016-09-03 21:43:40 +02:00
directory_firewalld_ipsets:
file.directory: # make sure this is a directory
- name: /etc/firewalld/ipsets
- user: root
- group: root
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
Reload, rather than restart, the FirewallD service
2017-03-10 20:14:51 +01:00
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
add ipset support for firewalld
2016-09-03 21:43:40 +02:00
# == Define: firewalld.ipsets
#
# This defines a ipset configuration, see firewalld.ipset (5) man page.
#
Refactor ipset format, add backward compatibility See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
2018-08-25 23:27:37 +02:00
{% for k, v in ipset_sets.items() %}
{% set z_name = v.name|default(k) %}
add ipset support for firewalld
2016-09-03 21:43:40 +02:00
/etc/firewalld/ipsets/{{ z_name }}.xml:
file.managed:
- name: /etc/firewalld/ipsets/{{ z_name }}.xml
- user: root
- group: root
- mode: 644
- source: salt://firewalld/files/ipset.xml
- template: jinja
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_ipsets
Reload, rather than restart, the FirewallD service
2017-03-10 20:14:51 +01:00
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
add ipset support for firewalld
2016-09-03 21:43:40 +02:00
- context:
Revert "Fix ipset:type colon handling error"
2018-05-13 22:14:49 +02:00
name: {{ z_name }}
ipset: {{ v }}
add ipset support for firewalld
2016-09-03 21:43:40 +02:00
Refactor ipset format, add backward compatibility See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
2018-08-25 23:27:37 +02:00
{% endfor %}
add ipset support for firewalld
2016-09-03 21:43:40 +02:00
{%- endif %}
Reference in New Issue Copy Permalink