# Ensure the iptables package is installed.
# NOTE(review): only the package is managed here, not a service. Presumably it
# is wanted as tooling next to firewalld -- confirm that no separate iptables
# service is enabled alongside firewalld on these hosts.
iptables:
  pkg.installed:
    - name: iptables
# Install firewalld, keep its service enabled and running, and re-trigger the
# service whenever a managed zone file under /etc/firewalld/zones/ changes.
# NOTE(review): the watch glob refers to file states that are only rendered
# when pillar['firewalld'] is defined. Confirm how this state behaves on
# minions without that pillar key, where the glob matches no state.
firewalld:
  pkg.installed:
    - name: firewalld
  service.running:
    - enable: true
    - watch:
      - file: '/etc/firewalld/zones/*'
# Restart salt-minion whenever a managed firewalld zone file changes, so the
# minion comes back up properly under the new firewall rules.
# NOTE(review): this restarts the minion from inside its own state run, which
# can cut the run short on some init systems -- confirm that the remaining
# states and the job return still complete as intended.
# NOTE(review): the watch glob only matches file states rendered when
# pillar['firewalld'] is defined; confirm the behaviour without that key.
fwd-minion:
  service.running:
    - name: salt-minion
    - watch:
      - file: '/etc/firewalld/zones/*'
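{#- Render zone files only when the 'firewalld' pillar key is present. #}
{%- if pillar['firewalld'] is defined %}
{#- One managed zone file per entry in pillar['firewalld']. Each file is
    rendered from the shared zone.xml Jinja template, with the entry name
    passed in as the 'zone' context variable.
    NOTE(review): the entry name is interpolated straight into a root-owned
    path under /etc/firewalld/zones/. This assumes pillar data is controlled
    by the master and that names are plain zone identifiers with no path
    separators or '..' -- confirm against the pillar source. #}
{%- for zone in pillar['firewalld'] %}
/etc/firewalld/zones/{{ zone }}.xml:
  file.managed:
    - source: salt://systems/core/firewalld/zone.xml
    - user: root
    - group: root
    # Quoted with a leading zero so YAML keeps the mode as a string and never
    # reinterprets it as a number.
    - mode: '0644'
    - template: jinja
    - context:
        # Quoted so an empty, numeric or boolean-looking zone name still
        # reaches the template as a string.
        zone: "{{ zone }}"
{%- endfor %}
{%- endif %}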