Saltstack Official FirewallD Formula


  1. # == State: firewalld.zones
  2. #
  3. # This state ensures that /etc/firewalld/zones/ exists.
  4. #
  5. {% from "firewalld/map.jinja" import firewalld with context %}
  6. {%- set zones = firewalld.get('zones', {}) %}
  7. directory_firewalld_zones:
  8. file.directory: # make sure this is a directory
  9. - name: /etc/firewalld/zones
  10. - user: root
  11. - group: root
  12. - mode: 750
  13. - require:
  14. - pkg: package_firewalld # make sure package is installed
  15. - require_in:
  16. - service: service_firewalld
  17. - watch_in:
  18. - cmd: reload_firewalld # reload firewalld config
  19. # == Define: firewalld.zones
  20. #
  21. # This defines a zone configuration, see firewalld.zone (5) man page.
  22. #
  23. {% for k, v in zones.items() %}
  24. {% set z_name = v.name|default(k) %}
  25. /etc/firewalld/zones/{{ z_name }}.xml:
  26. file.managed:
  27. - name: /etc/firewalld/zones/{{ z_name }}.xml
  28. - user: root
  29. - group: root
  30. - mode: 644
  31. - source: salt://firewalld/files/zone.xml
  32. - template: jinja
  33. - require:
  34. - pkg: package_firewalld # make sure package is installed
  35. - file: directory_firewalld_zones
  36. - require_in:
  37. - service: service_firewalld
  38. - watch_in:
  39. - cmd: reload_firewalld # reload firewalld config
  40. - context:
  41. name: {{ z_name }}
  42. zone: {{ v|json }}
  43. {% endfor %}
  44. {%- if firewalld.get('purge_zones', False) %}
  45. {%- set zone_names = zones.keys() %}
  46. {%- for file in salt['file.find']('/etc/firewalld/zones', name='*.xml', print='name', type='f') %}
  47. {%- if file.replace('.xml', '') not in zone_names %}
  48. /etc/firewalld/zones/{{ file }}:
  49. file.absent:
  50. - watch_in:
  51. - cmd: reload_firewalld
  52. {%- endif %}
  53. {%- endfor %}
  54. {%- endif %}