
feat(rich-rules): add priority to rich rules

fixes #51
tags/v1.3.0
Steven Daniele 3 years ago
parent
commit
9c2b41d0f9
21 changed files with 140 additions and 6 deletions
  1. +2
    -6
      firewalld/files/zone.xml
  2. +7
    -0
      pillar.example
  3. +5
    -0
      test/integration/default/controls/zones_spec.rb
  4. +7
    -0
      test/integration/default/files/_mapdata/amazonlinux-1.yaml
  5. +7
    -0
      test/integration/default/files/_mapdata/amazonlinux-2.yaml
  6. +7
    -0
      test/integration/default/files/_mapdata/arch-base-latest.yaml
  7. +7
    -0
      test/integration/default/files/_mapdata/centos-7.yaml
  8. +7
    -0
      test/integration/default/files/_mapdata/centos-8.yaml
  9. +7
    -0
      test/integration/default/files/_mapdata/debian-10.yaml
  10. +7
    -0
      test/integration/default/files/_mapdata/debian-9.yaml
  11. +7
    -0
      test/integration/default/files/_mapdata/fedora-31.yaml
  12. +7
    -0
      test/integration/default/files/_mapdata/fedora-32.yaml
  13. +7
    -0
      test/integration/default/files/_mapdata/fedora-33.yaml
  14. +7
    -0
      test/integration/default/files/_mapdata/fedora-34.yaml
  15. +7
    -0
      test/integration/default/files/_mapdata/opensuse-15.yaml
  16. +7
    -0
      test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
  17. +7
    -0
      test/integration/default/files/_mapdata/oraclelinux-7.yaml
  18. +7
    -0
      test/integration/default/files/_mapdata/oraclelinux-8.yaml
  19. +7
    -0
      test/integration/default/files/_mapdata/ubuntu-16.yaml
  20. +7
    -0
      test/integration/default/files/_mapdata/ubuntu-18.yaml
  21. +7
    -0
      test/integration/default/files/_mapdata/ubuntu-20.yaml

+ 2
- 6
firewalld/files/zone.xml View File

Do not edit this file manually, it will be overwritten! Do not edit this file manually, it will be overwritten!
Modify the salt pillar for firewalld instead Modify the salt pillar for firewalld instead
--> -->
{%- macro rich_rule(rule) -%}
{%- if 'family' in rule %}
<rule family="{{ rule.family }}">
{%- else %}
<rule>
{%- endif %}
{%- macro rich_rule(rule) %}
<rule{% if 'family' in rule %} family="{{ rule.family }}"{% endif %}{% if 'priority' in rule %} priority="{{ rule.priority }}"{% endif %}>
{%- if 'ipset' in rule %} {%- if 'ipset' in rule %}
<source ipset="{{ rule.ipset.name }}" /> <source ipset="{{ rule.ipset.name }}" />
{%- endif %} {%- endif %}
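Review bot: The new `<rule …>` line emits `rule.priority` into the zone XML verbatim, so a pillar value that is not an integer in the range firewalld accepts is not caught when the state renders but only when firewalld loads the zone — and because priority governs the order in which rich rules are evaluated, a mistyped value can quietly put an accept rule ahead of the reject/drop rule that was meant to win. Consider coercing and documenting the value, e.g. `{% if 'priority' in rule %} priority="{{ rule.priority | int }}"{% endif %}`, bearing in mind that Jinja's `int` filter falls back to 0 for unparsable input, so a stricter render-time check (or at least a note in the pillar docs that the value must be an integer, presumably within firewalld's signed 16-bit range — confirm) is preferable to a silent default. The same unfiltered interpolation already applies to `family`, which this commit only moves. The `rich_rule` macro's body continues past the end of the hunk.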

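--- a/pillar.example
+++ b/pillar.example
 # can be used. Special keys "ipsets" and "services", if defined, take precedence.
 # They will be auto-expanded into separate rich rules per value in the list.
 rich_rules:
+  http-priority:
+    accept: true
+    ipsets:
+      - other-ipset
+    priority: 15
+    services:
+      - http
   ssh-csg:
     accept: true
     ipsets: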
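Review bot: The example introduces a `priority` key under the new `http-priority` rule, but the comment block directly above only explains the special keys `ipsets` and `services`, so a reader has no indication of what `priority` does or what values are legal. Suggest extending that comment with something like `# "priority", if set, is emitted as the rule's priority attribute and controls the order in which firewalld evaluates rich rules (lower values first — confirm against the firewalld docs); it must be an integer.` Since this is the file operators copy from, stating the type here is the cheapest way to prevent an invalid value reaching zone.xml.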

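--- a/test/integration/default/controls/zones_spec.rb
+++ b/test/integration/default/controls/zones_spec.rb
 <zone>
   <short>rich_public</short>
   <description>Example</description>
+  <rule priority="15">
+    <source ipset="other-ipset" />
+    <service name="http" />
+    <accept></accept>
+  </rule>
   <rule>
     <source ipset="fail2ban-ssh" />
     <service name="ssh" />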

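--- a/test/integration/default/files/_mapdata/amazonlinux-1.yaml
+++ b/test/integration/default/files/_mapdata/amazonlinux-1.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: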

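--- a/test/integration/default/files/_mapdata/amazonlinux-2.yaml
+++ b/test/integration/default/files/_mapdata/amazonlinux-2.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: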

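--- a/test/integration/default/files/_mapdata/arch-base-latest.yaml
+++ b/test/integration/default/files/_mapdata/arch-base-latest.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: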

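--- a/test/integration/default/files/_mapdata/centos-7.yaml
+++ b/test/integration/default/files/_mapdata/centos-7.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: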

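--- a/test/integration/default/files/_mapdata/centos-8.yaml
+++ b/test/integration/default/files/_mapdata/centos-8.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: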

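--- a/test/integration/default/files/_mapdata/debian-10.yaml
+++ b/test/integration/default/files/_mapdata/debian-10.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: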

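--- a/test/integration/default/files/_mapdata/debian-9.yaml
+++ b/test/integration/default/files/_mapdata/debian-9.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: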

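--- a/test/integration/default/files/_mapdata/fedora-31.yaml
+++ b/test/integration/default/files/_mapdata/fedora-31.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: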

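--- a/test/integration/default/files/_mapdata/fedora-32.yaml
+++ b/test/integration/default/files/_mapdata/fedora-32.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: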

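--- a/test/integration/default/files/_mapdata/fedora-33.yaml
+++ b/test/integration/default/files/_mapdata/fedora-33.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: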

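--- a/test/integration/default/files/_mapdata/fedora-34.yaml
+++ b/test/integration/default/files/_mapdata/fedora-34.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: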

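--- a/test/integration/default/files/_mapdata/opensuse-15.yaml
+++ b/test/integration/default/files/_mapdata/opensuse-15.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: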

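--- a/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
+++ b/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: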

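--- a/test/integration/default/files/_mapdata/oraclelinux-7.yaml
+++ b/test/integration/default/files/_mapdata/oraclelinux-7.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: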

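--- a/test/integration/default/files/_mapdata/oraclelinux-8.yaml
+++ b/test/integration/default/files/_mapdata/oraclelinux-8.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: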

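--- a/test/integration/default/files/_mapdata/ubuntu-16.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-16.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: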

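--- a/test/integration/default/files/_mapdata/ubuntu-18.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-18.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: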

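--- a/test/integration/default/files/_mapdata/ubuntu-20.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-20.yaml
 rich_public:
   description: Example
   rich_rules:
+    http-priority:
+      accept: true
+      ipsets:
+        - other-ipset
+      priority: 15
+      services:
+        - http
     ssh-csg:
       accept: true
       ipsets: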
