39 Commits

Author SHA1 Message Date
Imran Iqbal
204efe5fc7
style(zone.xml): remove all trailing whitespaces 2020-04-01 19:00:37 +01:00
Imran Iqbal
d8f0f47a54
fix(zone.xml): adjust whitespacing to pass tests & macro at top of file 2020-04-01 19:00:37 +01:00
Steven Daniele
cd4cec0089 feat: allow rich_rules to be specified as a dict
When specifying rich rules as a dictionary ipsets and services can be
specified as lists. They will be expanded out by the jinja template into
individual rich rules for the parent zone.
2020-03-30 09:01:27 -04:00
Michal Hrusecky
8d0172f5c7
feat(zone.xml): allow more services definition inside zone
Now multiple sections ending with `services` can be defined for each in pillar
and all of them will get merged into one service block in the zone. The goal is
to keep backward compatibility while allowing different services to be defined
in different pillars. So basically have various parts of the pillar affecting
the firewall without need to define everything centrally. Helpful for the
exceptions to the rules.
2020-02-11 15:29:11 +01:00
Imran Iqbal
0f808d6afb
fix(yamllint): fix all errors
```bash
firewalld-formula$ yamllint -s .
./pillar.example
  2:1       warning  missing document start "---"  (document-start)
  3:12      warning  truthy value should be one of [false, true]  (truthy)
  12:13     warning  truthy value should be one of [false, true]  (truthy)
  15:89     error    line too long (108 > 88 characters)  (line-length)
  19:13     warning  truthy value should be one of [false, true]  (truthy)
  30:89     error    line too long (363 > 88 characters)  (line-length)
  96:89     error    line too long (170 > 88 characters)  (line-length)
  108:15    error    wrong indentation: expected 12 but found 14  (indentation)
  115:13    error    empty value in block mapping  (empty-values)
  116:2     error    syntax error: found character '%' that cannot start any token
  152:89    error    line too long (112 > 88 characters)  (line-length)

./firewalld/defaults.yaml
  3:1       warning  missing document start "---"  (document-start)
```
2019-11-09 08:24:55 +00:00
Imran Iqbal
de4e1915fb
fix(map.jinja): fix salt-lint errors
```bash
Examining firewalld/map.jinja of type state
[209] Jinja comment should have spaces before and after: {# comment #}
firewalld/map.jinja:4
{## Start with  defaults from defaults.yaml ##}

[209] Jinja comment should have spaces before and after: {# comment #}
firewalld/map.jinja:7
{##

[201] Trailing whitespace
firewalld/map.jinja:16
  }, grain='os_family', merge=salt['pillar.get']('firewalld:lookup'))

[209] Jinja comment should have spaces before and after: {# comment #}
firewalld/map.jinja:19
{## Merge the flavor_map to the default settings ##}

[209] Jinja comment should have spaces before and after: {# comment #}
firewalld/map.jinja:22
{## Merge in salt:lookup pillar ##}
```
2019-11-09 08:24:55 +00:00
Steven Daniele
12b696a8fe Remove name attribute in icmp-block-inversion
Firewalld does not parse the name attribute.

Log message:
firewalld[1999]: ERROR: Failed to load zone file 'public.xml':
PARSE_ERROR: icmp-block-inversion: Unexpected attribute name
2019-11-08 10:37:31 -05:00
Steven Daniele
64825e20ab Fix typo in icmp block inversion key name 2019-11-08 09:39:57 -05:00
Niels Abspoel
ae1f2453d3 add updated firewalld.conf from 0.7.1 2019-09-15 21:01:15 +01:00
N
ad37448038
feat(linux): archlinux support (no osfinger grain) 2019-08-03 14:59:08 +01:00
Niels Abspoel
a438f30f50 fix spacing in closing tags 2019-04-06 23:26:48 +02:00
Niels Abspoel
18fc482853 update service and zones with more options
update kitchen travis
fix ipsets.sls
2019-04-06 21:40:50 +02:00
Valentin Bud
d1d7a9186c Add support for inet6 ipsets. 2018-12-10 13:44:53 +02:00
Javier Bértoli
15a48462f0 Refactor backend format, add backward compatibility, simple pkg testing
See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
2018-08-25 19:00:11 -03:00
Javier Bértoli
d3928d1be0 Refactor ipset format, add backward compatibility
See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
2018-08-25 18:27:37 -03:00
Javier Bértoli
7bc3a9cdd4 Use mapped data instead of pillar.get data 2018-08-25 18:20:27 -03:00
Niels Abspoel
7c0b6aeb55 fix whitespacing 2018-08-14 19:52:08 +02:00
Niels Abspoel
36da1094b7 update firewalld formula for firewalld > 0.6 2018-08-12 20:26:21 +02:00
N
1ba51b8583 notify nosupport if SLES version < 15 2018-06-05 15:36:29 +01:00
Angelo Verona
b1d6b52307 Default file permission for firewalld.conf is 644 not 640 (CentOS). Even if I think that "others" don't need to read that, it always shows up as file with non-default permissions from default rpm package in security scans. e.g. "rpm -Va |grep ^.M" or more salty way: "salt '*' pkg.verify" / salt '*' pkg.modified firewalld mode=True; manual fix e.g. rpm --setperms firewalld-*.el7.noarch 2017-12-28 02:45:05 +01:00
Paul Williams
2fd70c9f41
Add support for using ipsets as sources in a zone
I wanted to be able to add an ipset as a source in the zone without using a rich rule.  I believe this change accomplishes that.  Tested and working on CentOS 7 (salt master and minion).
2017-11-24 18:31:17 -05:00
Javier Bértoli
141d8a4781 Add warning header to salt-generated files 2017-05-25 18:51:04 -03:00
Niels Abspoel
5904c75875 add suse_support 2017-05-25 22:41:40 +02:00
Adam Mendlik
103afc0a18 Reload, rather than restart, the FirewallD service 2017-03-11 12:51:12 -07:00
Matthew Hoover
cc617a97ef Added comment option for zone sources. 2016-09-29 22:50:55 -04:00
hoonetorg
25cdfe3bbe firewalld 0.4 settings 2016-09-19 16:02:35 +02:00
hoonetorg
9dc0a77167 implement direct rules 2016-09-13 23:25:51 +02:00
hoonetorg
b91d65d135 fix data type in zone and service template, which broke formula for 2016.3 2016-09-13 21:40:00 +02:00
Niels Abspoel
c5a01c837e add ipset support for firewalld 2016-09-03 21:43:40 +02:00
Clément Mercier
588bf5efcf change the restart, it was not effective before 2016-03-16 18:24:56 +01:00
Niels Abspoel
5fc2f58b0c improvements to formula with defaults.yaml 2016-01-19 22:15:08 +01:00
David Bezuidenhout
d55b767b91 [remove] clean-up some code, mostly code commented out 2016-01-19 17:31:29 +02:00
Niels Abspoel
e77a52cf27 fix newline to make service.xml files more readable 2015-05-25 15:30:52 +02:00
David Bezuidenhout
8afeae049f [fix] missing bracket at endfor loop at <destination ipv6 2015-03-11 16:38:54 +02:00
David Bezuidenhout
941b2768b1 [fix] service definition in rich rules - thx jdreese on Github 2015-03-11 16:17:29 +02:00
David Bezuidenhout
847417f03e [update] jinja brackets so that resulting output on xml files are better
human readable
2015-03-11 16:04:00 +02:00
David Bezuidenhout
b584c44edc [fix] source attribute key - github issue 1 2015-03-11 15:36:06 +02:00
Will Saxon
524105e2df fix header issue 2015-01-11 03:29:46 -05:00
David Bezuidenhout
baa2afab61 Initial commit. 2014-08-23 16:44:48 +02:00