jonas/tlu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

.

Browse Source
This commit is contained in:
Jonas Forsberg 2021-09-23 11:50:53 +02:00
parent dbae346799
commit a50bbcf867
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
salt/states/firewalld/init.sls
View File

@ -5,6 +5,7 @@ Configure firewalld for external interface:
- prune_ports: True - prune_ports: True
- prune_services: True - prune_services: True
- prune_interfaces: True - prune_interfaces: True
- prune_sources: True
- interfaces: - interfaces:
- {{ pillar['network']['interface']['external'] }} - {{ pillar['network']['interface']['external'] }}
- services: - services:
@ -16,8 +17,11 @@ Configure firewalld for internal network:
- prune_ports: True - prune_ports: True
- prune_services: True - prune_services: True
- prune_interfaces: True - prune_interfaces: True
- prune_sources: True
- interfaces: - interfaces:
- {{ pillar['network']['interface']['internal'] }} - {{ pillar['network']['interface']['internal'] }}
- sources:
- {{ pillar['network']['netaddress'] }}/{{ pillar['network']['netmask'] }}
- services: - services:
- ssh - ssh
- dhcp - dhcp
@ -29,14 +33,21 @@ Configure firewalld for internal network:
Configure firewalld for vlan networks: Configure firewalld for vlan networks:
firewalld.present: firewalld.present:
- name: internal - name: public
- prune_ports: True - prune_ports: True
- prune_services: True - prune_services: True
- prune_interfaces: True - prune_interfaces: True
- prune_sources: True
- interfaces: - interfaces:
{% for vlan in pillar['network']['vlan'] -%} {% for vlan in pillar['network']['vlan'] -%}
- vlan.{{ vlan['id'] }} - vlan.{{ vlan['id'] }}
{% endfor %} {% endfor %}
- sources:
{% for vlan in pillar['network']['vlan'] -%}
{% set ip = vlan['address'] -%}
{% set netmask = vlan['netmask'] -%}
- {{ ip[0:-1] }}0/{{ netmask }}
{% endfor %}
- services: - services:
- ssh - ssh
- dhcp - dhcp