diff options
| author | Georg Pfuetzenreuter | 2023-01-29 17:27:58 +0100 |
|---|---|---|
| committer | Georg Pfuetzenreuter | 2023-01-29 17:27:58 +0100 |
| commit | 824baf386b006c289fe2c8ab9453504ec9859b8d (patch) | |
| tree | fdbebcf6800f1d32205a8ba0c04d3804e500fb43 /pillar/global/init.sls | |
| parent | c8aa6c6157d0eb96d2d1077e1e74720ff31c91c3 (diff) | |
| download | salt-824baf386b006c289fe2c8ab9453504ec9859b8d.tar.gz salt-824baf386b006c289fe2c8ab9453504ec9859b8d.tar.bz2 salt-824baf386b006c289fe2c8ab9453504ec9859b8d.zip | |
Firewall interface mapping logic
Detect which interfaces belong to which zones, and configure firewalld
accordingly.
Backend zone is currently only prepared and yet to be tested and
enabled.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'pillar/global/init.sls')
| -rw-r--r-- | pillar/global/init.sls | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/pillar/global/init.sls b/pillar/global/init.sls index 74c98ec..41794b5 100644 --- a/pillar/global/init.sls +++ b/pillar/global/init.sls @@ -1,3 +1,5 @@ +{%- from slspath ~ '/map.jinja' import firewall_interfaces, public, internal, backend %} + include: - role.salt.common - role.salt.minion @@ -15,10 +17,15 @@ zypper: firewalld: zones: internal: + {{ firewall_interfaces(internal) }} ports: - comment: node_exporter port: 9200 protocol: tcp + {%- if public | length %} + public: + {{ firewall_interfaces(public) }} + {%- endif %} {%- endif %} mine_functions: |