Saltstack Official FirewallD Formula


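  # == State: firewalld.ipsets
  #
  # Ensures that the ipset package is installed and that
  # /etc/firewalld/ipsets/ exists, then renders one XML definition per
  # entry of the firewalld:ipsets pillar.
  #
  # Everything below is rendered only when the firewalld:ipset pillar key is
  # set; the definitions themselves are read from firewalld:ipsets.
  # package_firewalld, service_firewalld and reload_firewalld are referenced
  # by ID and are not declared in this file.
  #
  {% from "firewalld/map.jinja" import firewalld with context %}

  {%- if salt['pillar.get']('firewalld:ipset') %}
  package_ipset:
    pkg.installed:
      - name: {{ firewalld.ipsetpackage }}

  directory_firewalld_ipsets:
    file.directory: # make sure this is a directory
      - name: /etc/firewalld/ipsets
      - user: root
      - group: root
      # Quoted so the YAML loader keeps the mode as a string, not an integer;
      # root-only write, no access for "other".
      - mode: '0750'
      - require:
        - pkg: package_firewalld # make sure package is installed
      - require_in:
        - service: service_firewalld
      - watch_in:
        - cmd: reload_firewalld # reload firewalld config

  # == Define: firewalld.ipsets
  #
  # This defines an ipset configuration, see the firewalld.ipset(5) man page.
  #
  # NOTE(review): z_name comes from pillar (v.name, falling back to the pillar
  # key) and is placed verbatim into the managed file path. Keep it a plain
  # ipset name - no '/' or '..' - so the file stays inside
  # /etc/firewalld/ipsets/.
  #
  {% for k, v in salt['pillar.get']('firewalld:ipsets', {}).items() %}
  {% set z_name = v.name|default(k) %}

  /etc/firewalld/ipsets/{{ z_name }}.xml:
    file.managed:
      - name: /etc/firewalld/ipsets/{{ z_name }}.xml
      - user: root
      - group: root
      - mode: '0644'
      - source: salt://firewalld/files/ipset.xml
      - template: jinja
      - require:
        - pkg: package_firewalld # make sure package is installed
        - file: directory_firewalld_ipsets
      - require_in:
        - service: service_firewalld
      - watch_in:
        - cmd: reload_firewalld # reload firewalld config
      - context:
          # Serialised as JSON (a YAML subset) so pillar values containing
          # quotes, colons or non-string types reach the template unchanged
          # instead of being re-parsed from a Python repr.
          name: {{ z_name | json }}
          ipset: {{ v | json }}
  {% endfor %}
  {%- endif %}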