Saltstack Official FirewallD Formula
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.

init.sls 1.3KB

10 lat temu
10 lat temu
10 lat temu
10 lat temu
10 lat temu
10 lat temu
10 lat temu
10 lat temu
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162
  1. # == State: firewalld
  2. #
  3. # This state installs/runs firewalld.
  4. #
  5. {% from "firewalld/map.jinja" import firewalld with context %}
  6. {% if salt['grains.get']('osfullname') == "SLES" and salt['grains.get']('osmajorrelease')|int < 15 %}
  7. firewalld-unsupported:
  8. test.show_notification:
  9. - text: |
  10. Firewalld is not supported on {{ grains['os'] }}
  11. See https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#fate-323460
  12. {% elif firewalld.enabled %}
  13. include:
  14. - firewalld.config
  15. - firewalld.ipsets
  16. - firewalld.backend
  17. - firewalld.services
  18. - firewalld.zones
  19. - firewalld.direct
  20. # iptables service that comes with rhel/centos
  21. iptables:
  22. service.disabled:
  23. - enable: False
  24. ip6tables:
  25. service.disabled:
  26. - enable: False
  27. package_firewalld:
  28. pkg.installed:
  29. - name: {{ firewalld.package }}
  30. service_firewalld:
  31. service.running:
  32. - name: {{ firewalld.service }}
  33. - enable: True # start on boot
  34. - require:
  35. - pkg: package_firewalld
  36. - file: config_firewalld
  37. - service: iptables # ensure it's stopped
  38. - service: ip6tables # ensure it's stopped
  39. reload_firewalld:
  40. cmd.wait:
  41. - name: 'firewall-cmd --reload'
  42. - require:
  43. - service: service_firewalld
  44. {% else %}
  45. service_firewalld:
  46. service.dead:
  47. - name: {{ firewalld.service }}
  48. - enable: False # don't start on boot
  49. {% endif %}