From e395f7f0a3ab7b4542588ee77499fdd511d4fc28 Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 29 Jan 2023 15:49:48 +0100
Subject: Manage common firewalld rules

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
---
 pillar/global/init.sls | 8 ++++++++
 pillar/global/ssh.sls  | 5 +++++
 2 files changed, 13 insertions(+)

diff --git a/pillar/global/init.sls b/pillar/global/init.sls
index 349bd93..a7669ae 100644
--- a/pillar/global/init.sls
+++ b/pillar/global/init.sls
@@ -11,6 +11,14 @@ managed_header_pound: |
 {%- if grains['os'] == 'SUSE' %}
 zypper:
   refreshdb_force: False
+
+firewalld:
+  zones:
+    internal:
+      ports:
+        - comment: node_exporter
+          port: 9200
+          protocol: tcp
 {%- endif %}
 
 mine_functions:
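Review bot: The rule added at `port: 9200` is labelled `node_exporter`, but the exporter's upstream default listen port is 9100 and 9200 is the default HTTP port of Elasticsearch, so check the number against the exporter's actual `--web.listen-address` before this goes out. If 9200 is deliberate, say so next to the rule, e.g. `# node_exporter is configured to listen on 9200 here, not the upstream default 9100`; otherwise the rule opens a port the exporter does not use. Both this file and pillar/global/ssh.sls now define the top-level `firewalld` key, so the effective zone depends on pillar merging. With Salt's default `pillar_merge_lists: False`, a more specific pillar that sets its own `firewalld:zones:internal:ports` would presumably replace this list rather than extend it, which is worth confirming against the master configuration.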
diff --git a/pillar/global/ssh.sls b/pillar/global/ssh.sls
index 5d0e59f..8c18a86 100644
--- a/pillar/global/ssh.sls
+++ b/pillar/global/ssh.sls
@@ -30,3 +30,8 @@ sshd_config:
   Subsystem: sftp /usr/lib/ssh/sftp-server
   Banner: /etc/ssh/banner
 
+firewalld:
+  zones:
+    internal:
+      services:
+        - ssh
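Review bot: The `ssh` service is allowed only in the `internal` zone, and nothing visible in this hunk or in the pillar/global/init.sls hunk binds an interface or source to that zone, so whether sshd stays reachable once the firewalld state applies depends on configuration not shown here. If the binding lives in another pillar, a comment above the block such as `# interfaces are bound to 'internal' in <zone-binding pillar>` would let a reader confirm it and avoid a lockout on a minion whose interface sits in a different zone. Unlike the block in init.sls, this one does not appear to be gated on `grains['os']`, though the top of ssh.sls is outside the hunk; confirm that every minion receiving this pillar actually runs firewalld.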
-- 
cgit v1.2.3