Merge pull request #21 from aboe76/update_config_6.x
update firewalld formula for firewalld > 0.6
commit
8694a11de5
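--- a/firewalld/backend.sls
+++ b/firewalld/backend.sls
@@ -0,0 +1,11 @@
+# == State: firewalld.backends
+#
+# This state ensures that /etc/firewalld/backends/ exists.
+#
+{% from "firewalld/map.jinja" import firewalld with context %}
+
+{%- if salt['pillar.get']('firewalld:installbackend') %}
+package_backend:
+pkg.installed:
+- name: {{ firewalld.backendpackage }}
+{%- endif %}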
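Review bot: The header comment does not describe this state: it names `firewalld.backends` and says the state ensures /etc/firewalld/backends/ exists, while the body only installs `firewalld.backendpackage` when the pillar key `firewalld:installbackend` is truthy. I would replace the two comment lines with `# == State: firewalld.backend` and `# Installs the firewall backend package (backendpackage from map.jinja) when pillar firewalld:installbackend is set.` Separately, nothing visible in this file orders `package_backend` before the firewalld config or service states, so a host switched to the nftables backend could have the daemon restarted before the package is present. A requisite tying this state to the service state would make that dependency explicit; the service state's ID is not shown here, so confirm it before adding one.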
@ -3,5 +3,6 @@
|
|||||||
firewalld:
|
firewalld:
|
||||||
package: firewalld
|
package: firewalld
|
||||||
ipsetpackage: ipset
|
ipsetpackage: ipset
|
||||||
|
backendpackage: nftables
|
||||||
service: firewalld
|
service: firewalld
|
||||||
config: /etc/firewalld.conf
|
config: /etc/firewalld.conf
|
||||||
|
@ -55,3 +55,24 @@ IndividualCalls={{ firewalld.IndividualCalls|default('no') }}
|
|||||||
# Default: off
|
# Default: off
|
||||||
LogDenied={{ firewalld.LogDenied|default('off') }}
|
LogDenied={{ firewalld.LogDenied|default('off') }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if firewalld.get('AutomaticHelpers', False) %}
|
||||||
|
|
||||||
|
# AutomaticHelpers
|
||||||
|
# For the secure use of iptables and connection tracking helpers it is
|
||||||
|
# recommended to turn AutomaticHelpers off. But this might have side effects on
|
||||||
|
# other services using the netfilter helpers as the sysctl setting in
|
||||||
|
# /proc/sys/net/netfilter/nf_conntrack_helper will be changed.
|
||||||
|
# With the system setting, the default value set in the kernel or with sysctl
|
||||||
|
# will be used. Possible values are: yes, no and system.
|
||||||
|
# Default: system
|
||||||
|
AutomaticHelpers={{ firewalld.AutomaticHelpers|default('sytem') }}
|
||||||
|
{%- endif %}
|
||||||
|
{%- if firewalld.get('FirewallBackend', False) %}
|
||||||
|
|
||||||
|
# FirewallBackend
|
||||||
|
# Selects the firewall backend implementation.
|
||||||
|
# Choices are:
|
||||||
|
# - nftables (default)
|
||||||
|
# - iptables (iptables, ip6tables, ebtables and ipset)
|
||||||
|
FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }}
|
||||||
|
{%- endif %}
|
||||||
|
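Review bot: The guard `{%- if firewalld.get('AutomaticHelpers', False) %}` tests truthiness, so a pillar value written as unquoted `no` (which YAML loads as boolean False) never reaches the rendered file and firewalld keeps its own default. That is exactly the value the comment recommends for secure helper handling, and it is dropped without any error. Testing for presence instead, `{%- if firewalld.AutomaticHelpers is defined %}`, and noting in the pillar example that yes/no/system must be quoted would avoid this; an unquoted `yes` would likewise render as `True`, assuming `firewalld` here carries the raw pillar values. The fallback on the assignment line is also misspelled: `default('sytem')` should be `default('system')`, although with the current guard it cannot be reached. The `FirewallBackend` block uses the same guard but only takes non-empty strings, so it is less exposed.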
@ -18,6 +18,7 @@ firewalld-unsupported:
|
|||||||
include:
|
include:
|
||||||
- firewalld.config
|
- firewalld.config
|
||||||
- firewalld.ipsets
|
- firewalld.ipsets
|
||||||
|
- firewalld.backend
|
||||||
- firewalld.services
|
- firewalld.services
|
||||||
- firewalld.zones
|
- firewalld.zones
|
||||||
- firewalld.direct
|
- firewalld.direct
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
firewalld:
|
firewalld:
|
||||||
enabled: True
|
enabled: True
|
||||||
ipset: True
|
ipset: True
|
||||||
|
installbackend: False
|
||||||
default_zone: public
|
default_zone: public
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|