|
- # == State: firewalld.zones
- #
- # This state ensures that /etc/firewalld/zones/ exists.
- #
- {% from "firewalld/map.jinja" import firewalld with context %}
- {%- set zones = firewalld.get('zones', {}) %}
-
- directory_firewalld_zones:
- file.directory: # make sure this is a directory
- - name: /etc/firewalld/zones
- - user: root
- - group: root
- - mode: 750
- - require:
- - pkg: package_firewalld # make sure package is installed
- - require_in:
- - service: service_firewalld
- - watch_in:
- - cmd: reload_firewalld # reload firewalld config
-
- # == Define: firewalld.zones
- #
- # This defines a zone configuration, see firewalld.zone (5) man page.
- #
- {% for k, v in zones.items() %}
- {% set z_name = v.name|default(k) %}
-
- /etc/firewalld/zones/{{ z_name }}.xml:
- file.managed:
- - name: /etc/firewalld/zones/{{ z_name }}.xml
- - user: root
- - group: root
- - mode: 644
- - source: salt://firewalld/files/zone.xml
- - template: jinja
- - require:
- - pkg: package_firewalld # make sure package is installed
- - file: directory_firewalld_zones
- - require_in:
- - service: service_firewalld
- - watch_in:
- - cmd: reload_firewalld # reload firewalld config
- - context:
- name: {{ z_name }}
- zone: {{ v|json }}
-
- {% endfor %}
-
- {%- if firewalld.get('purge_zones', False) %}
- {%- set zone_names = zones.keys() %}
- {%- for file in salt['file.find']('/etc/firewalld/zones', name='*.xml', print='name', type='f') %}
-
- {%- if file.replace('.xml', '') not in zone_names %}
- /etc/firewalld/zones/{{ file }}:
- file.absent:
- - watch_in:
- - cmd: reload_firewalld
- {%- endif %}
-
- {%- endfor %}
- {%- endif %}
|