ExternalMirrors
/
firewalld-formula
mirror of https://github.com/saltstack-formulas/firewalld-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 14 Wiki Activity
Browse Source

Reload, rather than restart, the FirewallD service

tags/v0.6.2
Adam Mendlik 7 years ago
parent
112580daa1
commit
103afc0a18
7 changed files with 40 additions and 33 deletions
Unified View Show Diff Stats
  1. +0
    -2
      .kitchen.yml
  2. +4
    -5
      firewalld/config.sls
  3. +5
    -3
      firewalld/direct.sls
  4. +7
    -11
      firewalld/init.sls
  5. +8
    -4
      firewalld/ipsets.sls
  6. +8
    -4
      firewalld/services.sls
  7. +8
    -4
      firewalld/zones.sls

+ 0
- 2
.kitchen.yml View File

firewalld.sls: firewalld.sls:
firewalld: firewalld:
enabled: True enabled: True
IndividualCalls: 'no'
LogDenied: 'off'
services: services:
glusterfs: glusterfs:
short: glusterfs short: glusterfs

+ 4
- 5
firewalld/config.sls View File

- mode: 750 - mode: 750
- require: - require:
- pkg: package_firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service


config_firewalld: config_firewalld:
file.managed: file.managed:
- require: - require:
- pkg: package_firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- file: directory_firewalld - file: directory_firewalld
- listen_in:
- module: service_firewalld # restart service

- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config

+ 5
- 3
firewalld/direct.sls View File



# == Define: firewalld.direct # == Define: firewalld.direct
# #
# This defines a configuration for permanent direct chains,
# This defines a configuration for permanent direct chains,
# rules and passtthroughs, see firewalld.direct (5) man page. # rules and passtthroughs, see firewalld.direct (5) man page.


{%- if firewalld.get('direct', False) %} {%- if firewalld.get('direct', False) %}
- require: - require:
- pkg: package_firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- file: directory_firewalld - file: directory_firewalld
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context: - context:
direct: {{ firewalld.direct|json }} direct: {{ firewalld.direct|json }}
{%- endif %} {%- endif %}

+ 7
- 11
firewalld/init.sls View File

iptables: iptables:
service.disabled: service.disabled:
- enable: False - enable: False
ip6tables: ip6tables:
service.disabled: service.disabled:
- enable: False - enable: False
pkg.installed: pkg.installed:
- name: {{ firewalld.package }} - name: {{ firewalld.package }}


service_firewalld_running:
service_firewalld:
service.running: service.running:
- name: {{ firewalld.service }} - name: {{ firewalld.service }}
- enable: True # start on boot - enable: True # start on boot
- service: iptables # ensure it's stopped - service: iptables # ensure it's stopped
- service: ip6tables # ensure it's stopped - service: ip6tables # ensure it's stopped


service_firewalld:
module.wait:
- name: service.restart
- m_name: {{ firewalld.service }}
reload_firewalld:
cmd.wait:
- name: 'firewall-cmd --reload'
- require: - require:
- pkg: package_firewalld
- file: config_firewalld
- service: iptables # ensure it's stopped
- service: ip6tables # ensure it's stopped
- service: service_firewalld


{% else %} {% else %}
service_firewalld_dead:
service_firewalld:
service.dead: service.dead:
- name: {{ firewalld.service }} - name: {{ firewalld.service }}
- enable: False # don't start on boot - enable: False # don't start on boot

+ 8
- 4
firewalld/ipsets.sls View File

- mode: 750 - mode: 750
- require: - require:
- pkg: package_firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config


# == Define: firewalld.ipsets # == Define: firewalld.ipsets
# #
- require: - require:
- pkg: package_firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_ipsets - file: directory_firewalld_ipsets
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context: - context:
name: {{ z_name }} name: {{ z_name }}
ipset: {{ v }} ipset: {{ v }}

+ 8
- 4
firewalld/services.sls View File

- mode: 750 - mode: 750
- require: - require:
- pkg: package_firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config




# == Define: firewalld.services # == Define: firewalld.services
- require: - require:
- pkg: package_firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_services - file: directory_firewalld_services
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context: - context:
name: {{ s_name }} name: {{ s_name }}
service: {{ v|json }} service: {{ v|json }}

+ 8
- 4
firewalld/zones.sls View File

- mode: 750 - mode: 750
- require: - require:
- pkg: package_firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config


# == Define: firewalld.zones # == Define: firewalld.zones
# #
- require: - require:
- pkg: package_firewalld # make sure package is installed - pkg: package_firewalld # make sure package is installed
- file: directory_firewalld_zones - file: directory_firewalld_zones
- listen_in:
- module: service_firewalld # restart service
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
- context: - context:
name: {{ z_name }} name: {{ z_name }}
zone: {{ v|json }} zone: {{ v|json }}

Write Preview
Loading…
Cancel
Save