Saltstack Official FirewallD Formula


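  # == State: firewalld.services
  #
  # This state ensures that /etc/firewalld/services/ exists as a directory
  # owned by root:root with mode 0750. It requires the package_firewalld
  # state, must run before service_firewalld, and is watched by the
  # reload_firewalld command state.
  #
  {% from "firewalld/map.jinja" import firewalld with context %}

  directory_firewalld_services:
    file.directory:  # make sure this is a directory
      - name: /etc/firewalld/services
      - user: root
      - group: root
      # Quoted so YAML loads the mode as a string rather than an integer.
      - mode: '0750'
      - require:
        - pkg: package_firewalld  # make sure package is installed
      - require_in:
        - service: service_firewalld
      - watch_in:
        - cmd: reload_firewalld  # reload firewalld config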
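  # == Define: firewalld.services
  #
  # This defines a service configuration, see firewalld.service (5) man page.
  # You usually don't need this, you can simply add ports to zone.
  #
  # One managed file is rendered for each entry of the firewalld:services
  # pillar mapping. The file name comes from the entry's "name" value and
  # falls back to the pillar key when no name is given.
  #
  # NOTE(review): s_name is interpolated into a path below
  # /etc/firewalld/services. Pillar values are presumably plain service
  # names without path separators - confirm against the pillar schema.
  {% for k, v in salt['pillar.get']('firewalld:services', {}).items() %}
  {% set s_name = v.name|default(k) %}
  /etc/firewalld/services/{{ s_name }}.xml:
    file.managed:
      - name: /etc/firewalld/services/{{ s_name }}.xml
      - user: root
      - group: root
      # Quoted so YAML loads the mode as a string rather than an integer.
      - mode: '0644'
      - source: salt://firewalld/files/service.xml
      - template: jinja
      - require:
        - pkg: package_firewalld  # make sure package is installed
        - file: directory_firewalld_services
      - require_in:
        - service: service_firewalld
      - watch_in:
        - cmd: reload_firewalld  # reload firewalld config
      - context:
          # Both values are JSON-encoded so that a name which looks like a
          # number, boolean or YAML indicator still reaches the template
          # as a string.
          name: {{ s_name|json }}
          service: {{ v|json }}
  {% endfor %}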