Saltstack Official FirewallD Formula
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.

init.sls 1.4KB

10 lat temu
10 lat temu
10 lat temu
10 lat temu
10 lat temu
10 lat temu
10 lat temu
10 lat temu
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
  1. # == State: firewalld
  2. #
  3. # This state installs/runs firewalld.
  4. #
  5. {% from "firewalld/map.jinja" import firewalld with context %}
  6. {% if salt['grains.get']('osfullname') == "SLES" and salt['grains.get']('osmajorrelease')|int < 15 %}
  7. firewalld-unsupported:
  8. test.show_notification:
  9. - text: |
  10. Firewalld is not supported on {{ grains['os'] }}
  11. See https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#fate-323460
  12. {% elif firewalld.enabled %}
  13. include:
  14. {% if grains.get('osfinger', '') == 'Debian-10' %}
  15. - firewalld.debian10
  16. {% endif %}
  17. - firewalld.config
  18. - firewalld.ipsets
  19. - firewalld.backend
  20. - firewalld.services
  21. - firewalld.zones
  22. - firewalld.direct
  23. # iptables service that comes with rhel/centos
  24. iptables:
  25. service.disabled:
  26. - enable: False
  27. ip6tables:
  28. service.disabled:
  29. - enable: False
  30. package_firewalld:
  31. pkg.installed:
  32. - name: {{ firewalld.package }}
  33. service_firewalld:
  34. service.running:
  35. - name: {{ firewalld.service }}
  36. - enable: True # start on boot
  37. - require:
  38. - pkg: package_firewalld
  39. - file: config_firewalld
  40. - service: iptables # ensure it's stopped
  41. - service: ip6tables # ensure it's stopped
  42. reload_firewalld:
  43. cmd.wait:
  44. - name: 'firewall-cmd --reload'
  45. - require:
  46. - service: service_firewalld
  47. {% else %}
  48. service_firewalld:
  49. service.dead:
  50. - name: {{ firewalld.service }}
  51. - enable: False # don't start on boot
  52. {% endif %}