Javier Bértoli 6 years ago
parent
commit
d3928d1be0
3 changed files with 51 additions and 9 deletions
  1. +11
    -2
      firewalld/defaults.yaml
  2. +36
    -5
      firewalld/ipsets.sls
  3. +4
    -2
      pillar.example

+ 11
- 2
firewalld/defaults.yaml View File

# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# vim: ft=yaml # vim: ft=yaml
firewalld: firewalld:
enabled: true
package: firewalld package: firewalld
ipsetpackage: ipset
backendpackage: nftables
service: firewalld service: firewalld
config: /etc/firewalld.conf config: /etc/firewalld.conf

ipset:
manage: true
pkg: ipset

backend:
manage: true
pkg: nftables

ipsets: {}
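Review bot: The new `ipset.manage: true` default is not what an unconfigured minion gets, because ipsets.sls in this same commit still gates its whole body on `salt['pillar.get']('firewalld:ipset')` (raw pillar) rather than on the merged `firewalld.ipset.manage`; with no pillar override the default `true` installs nothing. Either set `manage: false` here so the default states actual behavior, or have the state read the map value. `backend.manage`/`backend.pkg` appear to have no consumer in this commit and pillar.example still documents `installbackend`, so a comment above `backend:` naming the state or key it replaces (e.g. `# replaces backendpackage/installbackend; read by <state> -- TODO confirm`) would help the next reader.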

+ 36
- 5
firewalld/ipsets.sls View File

# #
{% from "firewalld/map.jinja" import firewalld with context %} {% from "firewalld/map.jinja" import firewalld with context %}


{%- if salt['pillar.get']('firewalld:ipset') %}
# Backward compatibility setting and deprecation notices
{% set ipset_manage = false %}
{% set ipset_pkg = 'ipset' %}
{% set ipset_sets = firewalld.ipsets %}

{% if firewalld.ipset is mapping %}
{% set ipset_manage = firewalld.ipset.manage %}
{% set ipset_pkg = firewalld.ipset.pkg %}
{% else %}
### Manage setting (old firewalld:ipset)
firewalld-ipset-deprecated:
test.show_notification:
- text: |
'firewalld:ipset' format has changed and setting it as boolean is deprecated.
Set 'firewalld:ipset:manage' instead.
See firewalld/pillar.example for more information

{% set ipset_manage = firewalld.ipset %}
{% endif %}

### Package setting (old firewalld:ipsetpackage)
{% if firewalld.ipsetpackage is defined %}
firewalld-ipsetpackage-deprecated:
test.show_notification:
- text: |
'firewalld:ipsetpackage' is deprecated. Use 'firewalld:ipset:pkg' instead
See firewalld/pillar.example for more information

{% set ipset_pkg = firewalld.ipsetpackage %}
{% endif %}

{%- if ipset_manage %}
package_ipset: package_ipset:
pkg.installed: pkg.installed:
- name: {{ firewalld.ipsetpackage }}
- name: {{ ipset_pkg }}


directory_firewalld_ipsets: directory_firewalld_ipsets:
file.directory: # make sure this is a directory file.directory: # make sure this is a directory
# #
# This defines a ipset configuration, see firewalld.ipset (5) man page. # This defines a ipset configuration, see firewalld.ipset (5) man page.
# #
{% for k, v in salt['pillar.get']('firewalld:ipsets', {}).items() %}
{% set z_name = v.name|default(k) %}
{% for k, v in ipset_sets.items() %}
{% set z_name = v.name|default(k) %}


/etc/firewalld/ipsets/{{ z_name }}.xml: /etc/firewalld/ipsets/{{ z_name }}.xml:
file.managed: file.managed:
name: {{ z_name }} name: {{ z_name }}
ipset: {{ v }} ipset: {{ v }}


{% endfor %}
{% endfor %}
{%- endif %} {%- endif %}
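Review bot: In the `{% if firewalld.ipsetpackage is defined %}` branch, `{% set ipset_pkg = firewalld.ipsetpackage %}` runs after `ipset_pkg` has already been taken from `firewalld.ipset.pkg`, so when a pillar carries both the deprecated key and the new one the deprecated value silently wins; guarding the assignment with `{% if firewalld.ipset is not mapping or firewalld.ipset.pkg is not defined %}` (or at least stating the precedence in the notification text) would avoid that surprise. If map.jinja does not deep-merge defaults into `firewalld:ipset`, a pillar that sets only `ipset: {manage: True}` leaves `firewalld.ipset.pkg` undefined and `- name: {{ ipset_pkg }}` renders an empty package name; a `|default('ipset')` on that line would be a cheap safeguard, assuming the merge is indeed shallow. The templated values on `- name: {{ ipset_pkg }}` and `ipset: {{ v }}` are also unquoted, so a value that looks like a YAML boolean/number or starts with an indicator changes type on render; `- name: "{{ ipset_pkg }}"` is the conventional form.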

+ 4
- 2
pillar.example View File

# FirewallD pillar examples: # FirewallD pillar examples:
firewalld: firewalld:
enabled: True enabled: True
ipset: True
ipset:
manage: True
pkg: ipset

installbackend: False installbackend: False
default_zone: public default_zone: public


entries: entries:
- 10.0.0.1 - 10.0.0.1



zones: zones:
public: public:
short: Public short: Public
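Review bot: The example migrates `ipset: True` to the new `ipset: {manage, pkg}` shape but leaves `installbackend: False` untouched, while defaults.yaml in this commit introduces `backend: {manage, pkg}`; if that new key is meant to replace `installbackend`, the example should show `backend:` / `  manage: False` / `  pkg: nftables` alongside it, otherwise a one-line comment saying which key the states actually read. The new `manage: True` line also continues the capitalised Python-style booleans; since this file is parsed as YAML, `true`/`false` is the portable spelling and avoids the YAML 1.1/1.2 truthy differences.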
