ExternalMirrors
/
firewalld-formula
kopia lustrzana https://github.com/saltstack-formulas/firewalld-formula
Obserwuj 1
Polub 0
Forkuj 1
Kod Zgłoszenia 0 Wydania 14 Wiki Aktywność
Saltstack Official FirewallD Formula
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
247 Commity
1 Gałąź
Gałąź: master
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'master'
${ noResults }
firewalld-formula/firewalld/ipsets.sls

84 lines
2.3KB
Czysty Bezpośredni odnośnik Wina Historia 

  1. # == State: firewalld.ipsets

  2. #

  3. # This state ensures that /etc/firewalld/ipsets/ exists.

  4. #

  5. {% from "firewalld/map.jinja" import firewalld with context %}

  6. 

  7. # Backward compatibility setting and deprecation notices

  8. {% set ipset_manage = false %}

  9. {% set ipset_pkg = 'ipset' %}

  10. {% set ipset_sets = firewalld.ipsets %}

  11. 

  12. {% if firewalld.ipset is mapping %}

  13.   {% set ipset_manage = firewalld.ipset.manage %}

  14.   {% set ipset_pkg = firewalld.ipset.pkg %}

  15. {% else %}

  16. ### Manage setting (old firewalld:ipset)

  17. firewalld-ipset-deprecated:

  18.   test.show_notification:

  19.     - text: |

  20.         'firewalld:ipset' format has changed and setting it as boolean is deprecated.

  21.         Set 'firewalld:ipset:manage' instead.

  22.         See firewalld/pillar.example for more information

  23. 

  24.   {% set ipset_manage = firewalld.ipset %}

  25. {% endif %}

  26. 

  27. ### Package setting (old firewalld:ipsetpackage)

  28. {% if firewalld.ipsetpackage is defined %}

  29. firewalld-ipsetpackage-deprecated:

  30.   test.show_notification:

  31.     - text: |

  32.         'firewalld:ipsetpackage' is deprecated. Use 'firewalld:ipset:pkg' instead

  33.         See firewalld/pillar.example for more information

  34. 

  35.   {% set ipset_pkg = firewalld.ipsetpackage %}

  36. {% endif %}

  37. 

  38. {%- if ipset_manage %}

  39. package_ipset:

  40.   pkg.installed:

  41.     - name: {{ ipset_pkg }}

  42. 

  43. directory_firewalld_ipsets:

  44.   file.directory:            # make sure this is a directory

  45.     - name: /etc/firewalld/ipsets

  46.     - user: root

  47.     - group: root

  48.     - mode: 750

  49.     - require:

  50.       - pkg: package_firewalld # make sure package is installed

  51.     - require_in:

  52.       - service: service_firewalld

  53.     - watch_in:

  54.       - cmd: reload_firewalld # reload firewalld config

  55. 

  56. # == Define: firewalld.ipsets

  57. #

  58. # This defines a ipset configuration, see firewalld.ipset (5) man page.

  59. #

  60.   {% for k, v in ipset_sets.items() %}

  61.   {% set z_name = v.name|default(k) %}

  62. 

  63. /etc/firewalld/ipsets/{{ z_name }}.xml:

  64.   file.managed:

  65.     - name: /etc/firewalld/ipsets/{{ z_name }}.xml

  66.     - user: root

  67.     - group: root

  68.     - mode: 644

  69.     - source: salt://firewalld/files/ipset.xml

  70.     - template: jinja

  71.     - require:

  72.       - pkg: package_firewalld # make sure package is installed

  73.       - file: directory_firewalld_ipsets

  74.     - require_in:

  75.       - service: service_firewalld

  76.     - watch_in:

  77.       - cmd: reload_firewalld # reload firewalld config

  78.     - context:

  79.         name: {{ z_name }}

  80.         ipset: {{ v|json }}

  81. 

  82.   {% endfor %}

  83. {%- endif %}