ExternalMirrors
/
firewalld-formula
mirror of https://github.com/saltstack-formulas/firewalld-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 14 Wiki Activity
Browse Source

feat(rich-rules): add priority to rich rules 

fixes #51
tags/v1.3.0
Steven Daniele 3 years ago
parent
abbfe162a1
commit
9c2b41d0f9
21 changed files with 140 additions and 6 deletions
Split View Show Diff Stats
  1. +2
    -6
      firewalld/files/zone.xml
  2. +7
    -0
      pillar.example
  3. +5
    -0
      test/integration/default/controls/zones_spec.rb
  4. +7
    -0
      test/integration/default/files/_mapdata/amazonlinux-1.yaml
  5. +7
    -0
      test/integration/default/files/_mapdata/amazonlinux-2.yaml
  6. +7
    -0
      test/integration/default/files/_mapdata/arch-base-latest.yaml
  7. +7
    -0
      test/integration/default/files/_mapdata/centos-7.yaml
  8. +7
    -0
      test/integration/default/files/_mapdata/centos-8.yaml
  9. +7
    -0
      test/integration/default/files/_mapdata/debian-10.yaml
  10. +7
    -0
      test/integration/default/files/_mapdata/debian-9.yaml
  11. +7
    -0
      test/integration/default/files/_mapdata/fedora-31.yaml
  12. +7
    -0
      test/integration/default/files/_mapdata/fedora-32.yaml
  13. +7
    -0
      test/integration/default/files/_mapdata/fedora-33.yaml
  14. +7
    -0
      test/integration/default/files/_mapdata/fedora-34.yaml
  15. +7
    -0
      test/integration/default/files/_mapdata/opensuse-15.yaml
  16. +7
    -0
      test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
  17. +7
    -0
      test/integration/default/files/_mapdata/oraclelinux-7.yaml
  18. +7
    -0
      test/integration/default/files/_mapdata/oraclelinux-8.yaml
  19. +7
    -0
      test/integration/default/files/_mapdata/ubuntu-16.yaml
  20. +7
    -0
      test/integration/default/files/_mapdata/ubuntu-18.yaml
  21. +7
    -0
      test/integration/default/files/_mapdata/ubuntu-20.yaml

+ 2
- 6
firewalld/files/zone.xml View File

@@ -4,12 +4,8 @@
Do not edit this file manually, it will be overwritten!
Modify the salt pillar for firewalld instead
-->
{%- macro rich_rule(rule) -%}
{%- if 'family' in rule %}
<rule family="{{ rule.family }}">
{%- else %}
<rule>
{%- endif %}
{%- macro rich_rule(rule) %}
<rule{% if 'family' in rule %} family="{{ rule.family }}"{% endif %}{% if 'priority' in rule %} priority="{{ rule.priority }}"{% endif %}>
{%- if 'ipset' in rule %}
<source ipset="{{ rule.ipset.name }}" />
{%- endif %}

+ 7
- 0
pillar.example View File

@@ -167,6 +167,13 @@ firewalld:
# can be used. Special keys "ipsets" and "services", if defined, take precedence.
# They will be auto-expanded into separate rich rules per value in the list.
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 5
- 0
test/integration/default/controls/zones_spec.rb View File

@@ -63,6 +63,11 @@ control 'zones/rich_public.xml configuration' do
<zone>
<short>rich_public</short>
<description>Example</description>
<rule priority="15">
<source ipset="other-ipset" />
<service name="http" />
<accept></accept>
</rule>
<rule>
<source ipset="fail2ban-ssh" />
<service name="ssh" />

+ 7
- 0
test/integration/default/files/_mapdata/amazonlinux-1.yaml View File

@@ -150,6 +150,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/amazonlinux-2.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/arch-base-latest.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/centos-7.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/centos-8.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/debian-10.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/debian-9.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/fedora-31.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/fedora-32.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/fedora-33.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/fedora-34.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/opensuse-15.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/oraclelinux-7.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/oraclelinux-8.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/ubuntu-16.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/ubuntu-18.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/ubuntu-20.yaml View File

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

Write Preview
Loading…
Cancel
Save