Merge pull request #21 from aboe76/update_config_6.x

update firewalld formula for firewalld > 0.6

firewalld/backend.sls

+# == State: firewalld.backends
+#
+# This state ensures that /etc/firewalld/backends/ exists.
+#
+{% from "firewalld/map.jinja" import firewalld with context %}
+
+{%- if salt['pillar.get']('firewalld:installbackend') %}
+package_backend:
+  pkg.installed:
+    - name: {{ firewalld.backendpackage }}
+{%- endif %}

firewalld/defaults.yaml

 firewalld:
   package: firewalld
   ipsetpackage: ipset
+  backendpackage: nftables
   service: firewalld
   config: /etc/firewalld.conf

firewalld/files/firewalld.conf

 # Default: off
 LogDenied={{ firewalld.LogDenied|default('off') }}
 {%- endif %}
+{%- if firewalld.get('AutomaticHelpers', False) %}
+
+# AutomaticHelpers
+# For the secure use of iptables and connection tracking helpers it is
+# recommended to turn AutomaticHelpers off. But this might have side effects on
+# other services using the netfilter helpers as the sysctl setting in
+# /proc/sys/net/netfilter/nf_conntrack_helper will be changed.
+# With the system setting, the default value set in the kernel or with sysctl
+# will be used. Possible values are: yes, no and system.
+# Default: system
+AutomaticHelpers={{ firewalld.AutomaticHelpers|default('sytem') }}
+{%- endif %}
+{%- if firewalld.get('FirewallBackend', False) %}
+
+# FirewallBackend
+# Selects the firewall backend implementation.
+# Choices are:
+#	- nftables (default)
+#	- iptables (iptables, ip6tables, ebtables and ipset)
+FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }}
+{%- endif %}

firewalld/init.sls

 include:
   - firewalld.config
   - firewalld.ipsets
+  - firewalld.backend
   - firewalld.services
   - firewalld.zones
   - firewalld.direct

pillar.example

 firewalld:
   enabled: True
   ipset: True
+  installbackend: False
   default_zone: public
 
   services: