diff --git a/firewalld/files/zone.xml b/firewalld/files/zone.xml index 9519b43..2276939 100644 --- a/firewalld/files/zone.xml +++ b/firewalld/files/zone.xml @@ -4,12 +4,8 @@ Do not edit this file manually, it will be overwritten! Modify the salt pillar for firewalld instead --> -{%- macro rich_rule(rule) -%} - {%- if 'family' in rule %} - - {%- else %} - - {%- endif %} +{%- macro rich_rule(rule) %} + {%- if 'ipset' in rule %} {%- endif %} diff --git a/pillar.example b/pillar.example index 0735832..87d4690 100644 --- a/pillar.example +++ b/pillar.example @@ -167,6 +167,13 @@ firewalld: # can be used. Special keys "ipsets" and "services", if defined, take precedence. # They will be auto-expanded into separate rich rules per value in the list. rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/controls/zones_spec.rb b/test/integration/default/controls/zones_spec.rb index b1b6cbf..f1aac38 100644 --- a/test/integration/default/controls/zones_spec.rb +++ b/test/integration/default/controls/zones_spec.rb @@ -63,6 +63,11 @@ control 'zones/rich_public.xml configuration' do rich_public Example + + + + + diff --git a/test/integration/default/files/_mapdata/amazonlinux-1.yaml b/test/integration/default/files/_mapdata/amazonlinux-1.yaml index 3750061..7126e70 100644 --- a/test/integration/default/files/_mapdata/amazonlinux-1.yaml +++ b/test/integration/default/files/_mapdata/amazonlinux-1.yaml @@ -150,6 +150,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/amazonlinux-2.yaml b/test/integration/default/files/_mapdata/amazonlinux-2.yaml index dcaeff6..27bf640 100644 --- a/test/integration/default/files/_mapdata/amazonlinux-2.yaml 
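Review bot: Nothing visible in this hunk constrains the new `priority` value before the `rich_rule` macro writes it into the zone file. The added line after `{%- macro rich_rule(rule) %}` is blank on this page, so this is inferred from the `priority: 15` entries added elsewhere in the commit. If the attribute is rendered from the raw pillar value, I would coerce it and emit it only when the key is present, e.g. `{%- if 'priority' in rule %} priority="{{ rule.priority | int }}"{%- endif %}`, so non-numeric text never reaches the XML attribute and rules without a priority render as before. Priority decides the order in which accept and reject/drop rules are matched, so it is also worth confirming that every platform in the test matrix ships a firewalld that accepts the attribute rather than rejecting the zone file. The macro body continues past the end of the hunk.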
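Review bot: The new `priority` key in the `http-priority` example has no explanation, while the comment just above it documents only the special keys "ipsets" and "services". A short comment above the entry would help, for example `# priority: optional integer; lower values are matched first, so it decides whether this accept wins over a reject/drop rule`. If some supported platforms run a firewalld that predates rich-rule priorities, the comment should say so.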
+++ b/test/integration/default/files/_mapdata/amazonlinux-2.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/arch-base-latest.yaml b/test/integration/default/files/_mapdata/arch-base-latest.yaml index 223d80c..d4c1c7c 100644 --- a/test/integration/default/files/_mapdata/arch-base-latest.yaml +++ b/test/integration/default/files/_mapdata/arch-base-latest.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/centos-7.yaml b/test/integration/default/files/_mapdata/centos-7.yaml index 55add4f..d119f69 100644 --- a/test/integration/default/files/_mapdata/centos-7.yaml +++ b/test/integration/default/files/_mapdata/centos-7.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/centos-8.yaml b/test/integration/default/files/_mapdata/centos-8.yaml index 5d4969a..1cd88fc 100644 --- a/test/integration/default/files/_mapdata/centos-8.yaml +++ b/test/integration/default/files/_mapdata/centos-8.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/debian-10.yaml b/test/integration/default/files/_mapdata/debian-10.yaml index 9d89fcc..77de862 100644 --- a/test/integration/default/files/_mapdata/debian-10.yaml +++ b/test/integration/default/files/_mapdata/debian-10.yaml 
@@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/debian-9.yaml b/test/integration/default/files/_mapdata/debian-9.yaml index 19a8e64..260bbee 100644 --- a/test/integration/default/files/_mapdata/debian-9.yaml +++ b/test/integration/default/files/_mapdata/debian-9.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/fedora-31.yaml b/test/integration/default/files/_mapdata/fedora-31.yaml index 7838855..d380d8f 100644 --- a/test/integration/default/files/_mapdata/fedora-31.yaml +++ b/test/integration/default/files/_mapdata/fedora-31.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/fedora-32.yaml b/test/integration/default/files/_mapdata/fedora-32.yaml index ca4c18b..0e6fce9 100644 --- a/test/integration/default/files/_mapdata/fedora-32.yaml +++ b/test/integration/default/files/_mapdata/fedora-32.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/fedora-33.yaml b/test/integration/default/files/_mapdata/fedora-33.yaml index df51695..a169c51 100644 --- a/test/integration/default/files/_mapdata/fedora-33.yaml +++ b/test/integration/default/files/_mapdata/fedora-33.yaml 
@@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/fedora-34.yaml b/test/integration/default/files/_mapdata/fedora-34.yaml index 6fa2645..9a90cfb 100644 --- a/test/integration/default/files/_mapdata/fedora-34.yaml +++ b/test/integration/default/files/_mapdata/fedora-34.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/opensuse-15.yaml b/test/integration/default/files/_mapdata/opensuse-15.yaml index ac9a402..0fd9ea1 100644 --- a/test/integration/default/files/_mapdata/opensuse-15.yaml +++ b/test/integration/default/files/_mapdata/opensuse-15.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml b/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml index caf14c6..9a22014 100644 --- a/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml +++ b/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/oraclelinux-7.yaml b/test/integration/default/files/_mapdata/oraclelinux-7.yaml index 38a5aae..994069f 100644 --- a/test/integration/default/files/_mapdata/oraclelinux-7.yaml +++ b/test/integration/default/files/_mapdata/oraclelinux-7.yaml 
@@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/oraclelinux-8.yaml b/test/integration/default/files/_mapdata/oraclelinux-8.yaml index 0068502..7991c45 100644 --- a/test/integration/default/files/_mapdata/oraclelinux-8.yaml +++ b/test/integration/default/files/_mapdata/oraclelinux-8.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/ubuntu-16.yaml b/test/integration/default/files/_mapdata/ubuntu-16.yaml index fbeedc9..37b2542 100644 --- a/test/integration/default/files/_mapdata/ubuntu-16.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-16.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/ubuntu-18.yaml b/test/integration/default/files/_mapdata/ubuntu-18.yaml index dac5c61..513baee 100644 --- a/test/integration/default/files/_mapdata/ubuntu-18.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-18.yaml @@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: diff --git a/test/integration/default/files/_mapdata/ubuntu-20.yaml b/test/integration/default/files/_mapdata/ubuntu-20.yaml index 5d56702..1fb6d87 100644 --- a/test/integration/default/files/_mapdata/ubuntu-20.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-20.yaml 
@@ -157,6 +157,13 @@ values: rich_public: description: Example rich_rules: + http-priority: + accept: true + ipsets: + - other-ipset + priority: 15 + services: + - http ssh-csg: accept: true ipsets: