
  1. # == State: firewalld.zones
  2. #
  3. # This state ensures that /etc/firewalld/zones/ exists.
  4. #
  5. {% from "firewalld/map.jinja" import firewalld with context %}
  6. directory_firewalld_zones:
  7. file.directory: # make sure this is a directory
  8. - name: /etc/firewalld/zones
  9. - user: root
  10. - group: root
  11. - mode: 750
  12. - require:
  13. - pkg: package_firewalld # make sure package is installed
  14. - require_in:
  15. - service: service_firewalld
  16. - watch_in:
  17. - cmd: reload_firewalld # reload firewalld config
  18. # == Define: firewalld.zones
  19. #
  20. # This defines a zone configuration, see firewalld.zone (5) man page.
  21. #
  22. {% for k, v in salt['pillar.get']('firewalld:zones', {}).items() %}
  23. {% set z_name = v.name|default(k) %}
  24. /etc/firewalld/zones/{{ z_name }}.xml:
  25. file.managed:
  26. - name: /etc/firewalld/zones/{{ z_name }}.xml
  27. - user: root
  28. - group: root
  29. - mode: 644
  30. - source: salt://firewalld/files/zone.xml
  31. - template: jinja
  32. - require:
  33. - pkg: package_firewalld # make sure package is installed
  34. - file: directory_firewalld_zones
  35. - require_in:
  36. - service: service_firewalld
  37. - watch_in:
  38. - cmd: reload_firewalld # reload firewalld config
  39. - context:
  40. name: {{ z_name }}
  41. zone: {{ v|json }}
  42. {% endfor %}
  43. {%- if firewalld.get('purge_zones', False) %}
  44. {%- for file in salt['file.find']('/etc/firewalld/zones', name='*.xml', print='name', type='f') %}
  45. {%- if file.replace('.xml', '') not in firewalld.get('zones', {}).keys() %}
  46. /etc/firewalld/zones/{{ file }}:
  47. file.absent:
  48. - watch_in:
  49. - cmd: reload_firewalld
  50. {%- endif %}
  51. {%- endfor %}
  52. {%- endif %}