authorGeorg Pfuetzenreuter2023-01-29 17:27:58 +0100
committerGeorg Pfuetzenreuter2023-01-29 17:27:58 +0100
commit824baf386b006c289fe2c8ab9453504ec9859b8d (patch)
treefdbebcf6800f1d32205a8ba0c04d3804e500fb43 /pillar/global/init.sls
parentc8aa6c6157d0eb96d2d1077e1e74720ff31c91c3 (diff)
Firewall interface mapping logic
Detect which interfaces belong to which zones, and configure firewalld accordingly. Backend zone is currently only prepared and yet to be tested and enabled. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'pillar/global/init.sls')
-rw-r--r--pillar/global/init.sls7
1 files changed, 7 insertions, 0 deletions
diff --git a/pillar/global/init.sls b/pillar/global/init.sls
index 74c98ec..41794b5 100644
--- a/pillar/global/init.sls
+++ b/pillar/global/init.sls
@@ -1,3 +1,5 @@
+{%- from slspath ~ '/map.jinja' import firewall_interfaces, public, internal, backend %}
+
include:
- role.salt.common
- role.salt.minion
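Review bot: `backend` is imported on the new first line but none of the seven added lines uses it, so the name is dead in this file for now. Either drop it from the import until the backend zone is enabled, or keep it and add a Jinja comment above the import such as `{#- backend is prepared in map.jinja but not yet rendered into a zone #}` so the next reader does not go looking for a missing zone block. Separately, if map.jinja reads grains or pillar data to detect the interfaces (it is not visible on this page), the import would need `with context` to see them; worth confirming against a rendered pillar.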
@@ -15,10 +17,15 @@ zypper:
firewalld:
zones:
internal:
+ {{ firewall_interfaces(internal) }}
ports:
- comment: node_exporter
port: 9200
protocol: tcp
+ {%- if public | length %}
+ public:
+ {{ firewall_interfaces(public) }}
+ {%- endif %}
{%- endif %}
mine_functions:
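Review bot: The `internal` zone calls `{{ firewall_interfaces(internal) }}` unconditionally, while the `public` zone is only emitted behind `{%- if public | length %}`, so what firewalld receives when detection returns an empty `internal` list depends entirely on what the macro renders for an empty list, which is not visible here. Guarding the call the same way (`{%- if internal | length %}` … `{%- endif %}`), or stating in a comment that the macro renders nothing for an empty list, would make that case explicit. An interface that matches neither list is not assigned by this pillar and would presumably land in firewalld's default zone; a comment above `zones:` naming that fallback would help anyone auditing where port 9200 is reachable. The `{%- if %}` closed by the final `{%- endif %}` opens outside the hunk, and the page has lost the indentation, so the nesting of the macro output under `internal:` and `public:` should be checked against a rendered pillar.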