feat(zone.xml): allow more services definition inside zone

Now multiple sections ending with `services` can be defined for each in pillar
and all of them will get merged into one service block in the zone. The goal is
to keep backward compatibility while allowing different services to be defined
in different pillars. So basically have various parts of the pillar affecting
the firewall without need to define everything centrally. Helpful for the
exceptions to the rules.
This commit is contained in:
Michal Hrusecky 2020-02-11 15:10:45 +01:00
parent 0b82e43a15
commit 8d0172f5c7
No known key found for this signature in database
GPG Key ID: 8B425CF10D88CF07
2 changed files with 9 additions and 5 deletions

View File

@ -33,11 +33,13 @@
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{%- if 'services' in zone %} {%- for k,val in zone.items() %}
{%- for v in zone.services %} {%- if k.endswith("services") %}
{%- for v in val %}
<service name="{{ v }}" /> <service name="{{ v }}" />
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{%- endfor %}
{%- if 'ports' in zone %} {%- if 'ports' in zone %}
{%- for v in zone.ports %} {%- for v in zone.ports %}
{%- if 'comment' in v %} {%- if 'comment' in v %}

View File

@ -107,10 +107,12 @@ firewalld:
are accepted. are accepted.
services: services:
- http - http
- zabbixcustom
- https - https
- ssh - ssh
- salt-minion - salt-minion
# Anything in zone definition ending with services will get merged into services
other_services:
- zabbixcustom
protocols: protocols:
- igmp - igmp
rich_rules: rich_rules: