Steven Daniele
12b696a8fe
Remove name attribute in icmp-block-inversion
Firewalld does not parse the name attribute.
Log message:
firewalld[1999]: ERROR: Failed to load zone file 'public.xml':
PARSE_ERROR: icmp-block-inversion: Unexpected attribute name
5 anos atrás
Steven Daniele
64825e20ab
Fix typo in icmp block inversion key name
5 anos atrás
Niels Abspoel
ae1f2453d3
add updated firewalld.conf from 0.7.1
5 anos atrás
N
ad37448038
feat(linux): archlinux support (no osfinger grain)
5 anos atrás
Niels Abspoel
a438f30f50
fix spacing in closing tags
5 anos atrás
Niels Abspoel
18fc482853
update service and zones with more options
update kitchen travis
fix ipsets.sls
5 anos atrás
Valentin Bud
d1d7a9186c
Add support for inet6 ipsets.
6 anos atrás
Javier Bértoli
15a48462f0
Refactor backend format, add backward compatibility, simple pkg testing
See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
6 anos atrás
Javier Bértoli
d3928d1be0
Refactor ipset format, add backward compatibility
See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
6 anos atrás
Javier Bértoli
7bc3a9cdd4
Use mapped data instead of pillar.get data
6 anos atrás
Niels Abspoel
7c0b6aeb55
fix whitespacing
6 anos atrás
Niels Abspoel
36da1094b7
update firewalld formula for firewalld > 0.6
6 anos atrás
N
1ba51b8583
notify nosupport if SLES version < 15
6 anos atrás
Niels Abspoel
c7f4b3a611
Revert "Fix ipset:type colon handling error"
6 anos atrás
Javier Bértoli
2fc03fbd70
Fix ipset:type colon handling error
6 anos atrás
Angelo Verona
b1d6b52307
Default file permission for firewalld.conf is 644 not 640 (CentOS). Even if I think that "others" don't need to read that, it always shows up as file with non-default permissions from default rpm package in security scans. e.g. "rpm -Va |grep ^.M" or more salty way: "salt '*' pkg.verify" / salt '*' pkg.modified firewalld mode=True; manual fix e.g. rpm --setperms firewalld-*.el7.noarch
7 anos atrás
Paul Williams
2fd70c9f41
Add support for using ipsets as sources in a zone
I wanted to be able to add an ipset as a source in the zone without using a rich rule. I believe this change accomplishes that. Tested and working on CentOS 7 (salt master and minion).
7 anos atrás
Javier Bértoli
141d8a4781
Add warning header to salt-generated files
7 anos atrás
Niels Abspoel
5904c75875
add suse_support
7 anos atrás
Adam Mendlik
103afc0a18
Reload, rather than restart, the FirewallD service
7 anos atrás
Matthew Hoover
cc617a97ef
Added comment option for zone sources.
8 anos atrás
hoonetorg
25cdfe3bbe
firewalld 0.4 settings
8 anos atrás
hoonetorg
9dc0a77167
implement direct rules
8 anos atrás
hoonetorg
b91d65d135
fix data type in zone and service template, which broke formula for 2016.3
8 anos atrás
Niels Abspoel
c5a01c837e
add ipset support for firewalld
8 anos atrás
Clément Mercier
588bf5efcf
change the restart, it was not effective before
8 anos atrás
Niels Abspoel
5fc2f58b0c
improvements to formula with defaults.yaml
8 anos atrás
David Bezuidenhout
d55b767b91
[remove] clean-up some code, mostly code commented out
8 anos atrás
Niels Abspoel
e77a52cf27
fix newline to make service.xml files more readable
9 anos atrás
David Bezuidenhout
8afeae049f
[fix] mising bracket at endfor loop at <destination ipv6
9 anos atrás
David Bezuidenhout
941b2768b1
[fix] service definition in rich rules - thx jdreese on Github
9 anos atrás
David Bezuidenhout
847417f03e
[update] jinja brackets so that resulting output on xml files are better
human readable
9 anos atrás
David Bezuidenhout
b584c44edc
[fix] source attribute key - github issue 1
9 anos atrás
Will Saxon
524105e2df
fix header issue
10 anos atrás
David Bezuidenhout
baa2afab61
Initial commit.
10 anos atrás