From a50bbcf867c4cf1cb5e384a8eacf570aba13317a Mon Sep 17 00:00:00 2001
From: Jonas Forsberg
Date: Thu, 23 Sep 2021 11:50:53 +0200
Subject: [PATCH] .
---
 salt/states/firewalld/init.sls | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/salt/states/firewalld/init.sls b/salt/states/firewalld/init.sls
index ac40df5..63367c4 100644
--- a/salt/states/firewalld/init.sls
+++ b/salt/states/firewalld/init.sls
@@ -5,6 +5,7 @@ Configure firewalld for external interface:
 - prune_ports: True
 - prune_services: True
 - prune_interfaces: True
+ - prune_sources: True
 - interfaces:
 - {{ pillar['network']['interface']['external'] }}
 - services:
@@ -16,8 +17,11 @@ Configure firewalld for internal network:
 - prune_ports: True
 - prune_services: True
 - prune_interfaces: True
+ - prune_sources: True
 - interfaces:
 - {{ pillar['network']['interface']['internal'] }}
+ - sources:
+ - {{ pillar['network']['netaddress'] }}/{{ pillar['network']['netmask'] }}
 - services:
 - ssh
 - dhcp
@@ -29,14 +33,21 @@ Configure firewalld for internal network:
 Configure firewalld for vlan networks:
 firewalld.present:
- - name: internal
+ - name: public
 - prune_ports: True
 - prune_services: True
 - prune_interfaces: True
+ - prune_sources: True
 - interfaces:
 {% for vlan in pillar['network']['vlan'] -%}
 - vlan.{{ vlan['id'] }}
 {% endfor %}
+ - sources:
+ {% for vlan in pillar['network']['vlan'] -%}
+ {% set ip = vlan['address'] -%}
+ {% set netmask = vlan['netmask'] -%}
+ - {{ ip[0:-1] }}0/{{ netmask }}
+ {% endfor %}
 - services:
 - ssh
 - dhcp
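Review bot: The `sources` entry added to the internal zone (`- {{ pillar['network']['netaddress'] }}/{{ pillar['network']['netmask'] }}`) changes how traffic is classified, because firewalld matches source bindings before interface bindings. A packet that arrives on the external interface with a source address inside that range would be handled by the internal zone, which opens `ssh` and `dhcp` in the visible lines, so the zone now depends on reverse-path filtering (for example the kernel's `rp_filter` sysctl) being enforced on the external side. I would record that above the entry with `# source binding wins over interface binding; requires rp_filter on the external interface`, and confirm that the setting is managed somewhere in these states. The state's service list may continue past the end of the hunk.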
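Review bot: The network address in the new `sources` loop of the vlan state is built by string slicing, `{{ ip[0:-1] }}0/{{ netmask }}`, which is only correct when the VLAN address ends in a single-digit last octet and the network itself ends in `.0`. An address such as 10.0.5.254 (constructed example) renders as 10.0.5.250, so the zone would be bound to the wrong source or the state would fail. Replacing the two `set` lines and the list item with `- {{ salt['network.calc_net'](vlan['address'], vlan['netmask']) }}` computes the network from the address and mask instead. Separately, the zone changes from `internal` to `public` while every `prune_*` option is `True`; if the external-interface state also manages `public` (its `name` is outside the visible hunks), the two states will prune each other's interfaces, sources and services on every run. The service list may continue past the end of the hunk.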