Saltstack Official FirewallD Formula

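  # == State: firewalld.zones
  #
  # This state ensures that /etc/firewalld/zones/ exists.
  #
  {% from "firewalld/map.jinja" import firewalld with context %}

  directory_firewalld_zones:
    file.directory:  # make sure this is a directory
      - name: /etc/firewalld/zones
      - user: root
      - group: root
      # Quoted so YAML keeps the mode a string instead of an integer.
      # 0750: writable by root only, readable by group root, closed to others.
      - mode: '0750'
      - require:
        - pkg: package_firewalld  # make sure package is installed
      - require_in:
        - service: service_firewalld
      - watch_in:
        - cmd: reload_firewalld  # reload firewalld config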
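  # == Define: firewalld.zones
  #
  # This defines a zone configuration, see firewalld.zone (5) man page.
  #
  # Each entry under the `firewalld:zones` pillar key is rendered to one XML
  # file in /etc/firewalld/zones. The file is named after the entry's `name`
  # field, falling back to the pillar key.
  #
  # The zone name is interpolated into the file path as-is, so the pillar is
  # treated as trusted input here: a name containing a path separator would
  # place the file outside /etc/firewalld/zones.
  #
  {% for k, v in salt['pillar.get']('firewalld:zones', {}).items() %}
  {% set z_name = v.name|default(k) %}
  /etc/firewalld/zones/{{ z_name }}.xml:
    file.managed:
      - name: /etc/firewalld/zones/{{ z_name }}.xml
      - user: root
      - group: root
      # Quoted so YAML keeps the mode a string instead of an integer.
      - mode: '0644'
      - source: salt://firewalld/files/zone.xml
      - template: jinja
      - require:
        - pkg: package_firewalld  # make sure package is installed
        - file: directory_firewalld_zones
      - require_in:
        - service: service_firewalld
      - watch_in:
        - cmd: reload_firewalld  # reload firewalld config
      - context:
          # JSON-encoded so a zone called e.g. `no`, `on` or `123` reaches the
          # template as a string rather than a YAML boolean or number.
          name: {{ z_name|json }}
          zone: {{ v|json }}
  {% endfor %}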
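  {#- Optional purge, off unless `purge_zones` is set in the firewalld map:
      remove every *.xml zone file on the minion that no declared zone
      accounts for, so the on-disk zone set is exactly what is declared.
      The directory is listed while this SLS is rendered, i.e. before any
      state of the current run has executed.

      A zone's file is named after its `name` field (falling back to its
      key), so on-disk files are compared against those file names. Comparing
      against the keys alone would schedule the file of a zone whose `name`
      differs from its key for removal, under the same state ID that manages
      it.

      NOTE(review): the managed zones come from the `firewalld:zones` pillar
      key, while this list is built from `firewalld` as imported from
      map.jinja - confirm both resolve to the same set of zones. #}
  {%- if firewalld.get('purge_zones', False) %}
  {%- set declared_files = [] %}
  {%- for k, v in firewalld.get('zones', {}).items() %}
  {%- do declared_files.append((v.name|default(k)) ~ '.xml') %}
  {%- endfor %}
  {%- for file in salt['file.find']('/etc/firewalld/zones', name='*.xml', print='name', type='f') %}
  {%- if file not in declared_files %}
  /etc/firewalld/zones/{{ file }}:
    file.absent:
      - watch_in:
        - cmd: reload_firewalld
  {%- endif %}
  {%- endfor %}
  {%- endif %}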