This introduces a "purge_zones" toggle which, if enabled, ensures
zones not managed using the firewalld pillar get deleted.
Useful to enforce that only Salt-managed zones exist and to clean
up pre-Salt data.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

When specifying rich rules as a dictionary, ipsets and services can be
specified as lists. They will be expanded out by the Jinja template into
individual rich rules for the parent zone.

Now multiple sections ending with `services` can be defined for each in pillar
and all of them will get merged into one service block in the zone. The goal is
to keep backward compatibility while allowing different services to be defined
in different pillars. So basically have various parts of the pillar affecting
the firewall without the need to define everything centrally. Helpful for the
exceptions to the rules.

```bash
firewalld-formula$ yamllint -s .
./pillar.example
2:1 warning missing document start "---" (document-start)
3:12 warning truthy value should be one of [false, true] (truthy)
12:13 warning truthy value should be one of [false, true] (truthy)
15:89 error line too long (108 > 88 characters) (line-length)
19:13 warning truthy value should be one of [false, true] (truthy)
30:89 error line too long (363 > 88 characters) (line-length)
96:89 error line too long (170 > 88 characters) (line-length)
108:15 error wrong indentation: expected 12 but found 14 (indentation)
115:13 error empty value in block mapping (empty-values)
116:2 error syntax error: found character '%' that cannot start any token
152:89 error line too long (112 > 88 characters) (line-length)
./firewalld/defaults.yaml
3:1 warning missing document start "---" (document-start)
```