salt.states.firewalld usage


Shanmuga Raj

Sep 4, 2017, 6:13:21 PM
to Salt-users
Hello Group, I am new here and to SaltStack. I am creating a Salt state to configure firewalld settings.


firewalld_internal:
  firewalld.present:
    - name: internal
    - interfaces:
      - enp2s0
    - masquerade: True
    - services:
      - dhcpv6-client
      - mdns
      - samba-client
      - ssh

firewalld_external:
  firewalld.present:
    - name: external
    - interfaces:
      - enp3s0
    - masquerade: True

1. Is there a way to add a rich rule to firewalld using salt.states.firewalld?

   I have a rule as below; how can this be defined in an SLS state file?

   rule family="ipv4" forward-port port="32400" protocol="tcp" to-port="32400" to-addr="192.168.0.123" log prefix="plex-" level="info" limit value="1/m"

   I see port_fwd in the SaltStack documentation, but this doesn't seem to be for rich rules, rather for simple port forwarding.


2. Is there a way to define a particular service state as NOT present?


Thank you


Viet Hung Nguyen

Sep 6, 2017, 12:44:33 PM
to Salt-users
Hello,
I don't have explicit experience with this state module, but going by the code, here are the answers:

> Is there a way to define a particular service state as NOT present?

Not in a direct way.
There are only 2 public functions in this module:
the main one is `present` https://github.com/saltstack/salt/blob/v2017.7.1/salt/states/firewalld.py#L154

It will make sure things are... present.

This is unlike most other state modules, which have the counterpart `absent` to make something "absent". So you can write the code yourself to add that absent function.

The workaround, as I understand it: you can define the service to be present, then remove it; this code will remove it if it finds that you removed a service from the list:

https://github.com/saltstack/salt/blob/v2017.7.1/salt/states/firewalld.py#L523

That is a dirty, side-effect way; I would not recommend it.

> 1. Is there a way to add a rich rule to firewalld using salt.states.firewalld?

https://github.com/saltstack/salt/blob/v2017.7.1/salt/states/firewalld.py#L606

Looks like that is for rich rules.

Make sure you are using a version that has this code; my links above point to 2017.7.1.

--
Thanks & Best regards,
Nguyen Viet Hung (Mr)
[a.k.a HVN]

Mobile: 0982090290
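
The rich rule from the question written as a state, as an added example that is not part of either post or of the Salt project's own documentation. It assumes the installed Salt release's `firewalld.present` accepts the `rich_rules` and `prune_services` arguments (check the module documentation for your version), and the choice of the `external` zone for the forward rule is an assumption.

```yaml
# Added example, not from the thread. Assumes firewalld.present in the
# installed Salt release accepts rich_rules and prune_services.
firewalld_internal:
  firewalld.present:
    - name: internal
    - interfaces:
      - enp2s0
    - masquerade: True
    # With pruning on, any service enabled in the zone but missing from the
    # list below is removed. This is the side-effect removal described in the
    # reply above, so keep the list complete to avoid dropping ssh by accident.
    - prune_services: True
    - services:
      - dhcpv6-client
      - mdns
      - samba-client
      - ssh

firewalld_external:
  firewalld.present:
    - name: external          # zone choice for the forward rule is an assumption
    - interfaces:
      - enp3s0
    - masquerade: True
    - rich_rules:
      # Single-quote the whole rule so YAML keeps its inner double quotes.
      - 'rule family="ipv4" forward-port port="32400" protocol="tcp" to-port="32400" to-addr="192.168.0.123" log prefix="plex-" level="info" limit value="1/m"'
```

After applying, `firewall-cmd --zone=external --list-rich-rules` on the minion shows whether the rule landed in the zone you intended.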
