Saltstack Official FirewallD Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

67 satır
1.5KB

  1. # == State: firewalld
  2. #
  3. # This state installs/runs firewalld.
  4. #
  5. {% from "firewalld/map.jinja" import firewalld with context %}
  6. {% if salt['grains.get']('osfullname') == "SLES" and salt['grains.get']('osmajorrelease')|int < 15 %}
  7. firewalld-unsupported:
  8. test.show_notification:
  9. - text: |
  10. Firewalld is not supported on {{ grains['os'] }}
  11. See https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#fate-323460
  12. {% elif firewalld.enabled %}
  13. include:
  14. {% if grains.get('osfinger', '') == 'Debian-10' %}
  15. - firewalld.debian10
  16. {% endif %}
  17. - firewalld.config
  18. - firewalld.ipsets
  19. - firewalld.backend
  20. - firewalld.services
  21. - firewalld.zones
  22. - firewalld.policies
  23. - firewalld.direct
  24. # iptables service that comes with rhel/centos
  25. iptables:
  26. service.disabled:
  27. - enable: False
  28. ip6tables:
  29. service.disabled:
  30. - enable: False
  31. package_firewalld:
  32. pkg.installed:
  33. - name: {{ firewalld.package }}
  34. service_firewalld:
  35. service.running:
  36. - name: {{ firewalld.service }}
  37. - enable: True # start on boot
  38. - require:
  39. - pkg: package_firewalld
  40. - file: config_firewalld
  41. - service: iptables # ensure it's stopped
  42. - service: ip6tables # ensure it's stopped
  43. reload_firewalld:
  44. cmd.wait: # noqa: 213
  45. - name: 'firewall-cmd --reload'
  46. - require:
  47. - service: service_firewalld
  48. {% else %}
  49. service_firewalld:
  50. service.dead:
  51. - name: {{ firewalld.service }}
  52. - enable: False # don't start on boot
  53. {% endif %}