tlu/salt/states/firewalld/init.sls

# Define a custom firewalld service called "wireguard" so that zones can
# allow the VPN listener by name instead of repeating the raw port.
Configure wireguard service:
  firewalld.service:
    - name: wireguard
    - ports:
      # UDP only; the port number is taken from pillar.
      - "{{ pillar['wireguard']['port'] }}/udp"
# Zone for the uplink interface. Every prune_* flag is on, so ports,
# services, interfaces and sources that are not listed here are removed
# from the zone when the state runs: this file is the complete rule set.
Configure firewalld for external interface:
  firewalld.present:
    - name: external
    # Traffic routed out through this zone is masqueraded (source NAT).
    - masquerade: True
    - prune_ports: True
    - prune_services: True
    - prune_interfaces: True
    - prune_sources: True
    - interfaces:
      - {{ pillar['network']['interface']['external'] }}
    # NOTE(review): ssh is allowed from the external side without any
    # source restriction. Confirm this is still wanted now that the
    # wireguard service is exposed next to it.
    - services:
      - ssh
      - wireguard
# Zone for the internal LAN. As with the other zones, the prune_* flags
# make this list authoritative: anything not named here is removed.
Configure firewalld for internal network:
  firewalld.present:
    - name: internal
    - prune_ports: True
    - prune_services: True
    - prune_interfaces: True
    - prune_sources: True
    # The wireguard interface sits in the same zone as the LAN interface,
    # so VPN peers are offered exactly the services listed below.
    - interfaces:
      - {{ pillar['network']['interface']['internal'] }}
      - {{ pillar['wireguard']['iface'] }}
    # Traffic from the internal network range is matched to this zone by
    # source address as well as by interface.
    - sources:
      - "{{ pillar['network']['netaddress'] }}/{{ pillar['network']['netmask'] }}"
    - services:
      - ssh
      - dhcp
      - tftp
      - http
      - https
      - dns
      - ntp
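# Zone for the VLAN networks: one vlan.ID interface and one source network
# per entry of the network:vlan pillar list. The prune_* flags make the
# lists below authoritative; anything not rendered here is removed.
#
# NOTE(review): the zone used is "public". If "public" is also firewalld's
# default zone on this host, interfaces that are not bound to any zone get
# the same service list. Confirm the default zone, or use a dedicated one.
Configure firewalld for vlan networks:
  firewalld.present:
    - name: public
    - prune_ports: True
    - prune_services: True
    - prune_interfaces: True
    - prune_sources: True
    - interfaces:
      {% for vlan in pillar['network']['vlan'] -%}
      - vlan.{{ vlan['id'] }}
      {% endfor %}
    # The network address is computed by network.calc_net from the VLAN
    # address and netmask. The previous form cut the last character off the
    # address and appended "0", which is only right for a single-digit last
    # octet on a network whose address ends in .0; any other input produced
    # a source that did not match the VLAN. The rendered value is now in
    # CIDR prefix form (for example 10.0.5.0/24).
    - sources:
      {% for vlan in pillar['network']['vlan'] -%}
      - {{ salt['network.calc_net'](vlan['address'], vlan['netmask']) }}
      {% endfor %}
    - services:
      - ssh
      - dhcp
      - tftp
      - http
      - https
      - dns
      - ntp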