setup-firewalld-customer-zone.sls
## Configure Firewalld Virtual Zone for Customer Support Access
##
## Pillar Variables:
##
## Name               | Type       | Default Value | Description
## --------------------------------------------------------------------------------------------------------
## customer_name      | String     | None          | The customer's name, used as the firewall zone name
## firewalld_customer | dictionary | None          | Details of the traffic to allow inbound, described below
##
## firewalld_customer dictionary description:
##
## Name     | Type | Default Value    | Description
## ----------------------------------------------------------------------------------
## services | list | ['https', 'ssh'] | The list of services to allow inbound
## sources  | list | None             | The list of source addresses to allow inbound
##
## Example pillar data:
##
##   customer_name: SampleCustomer
##   firewalld_customer:
##     sources:
##       - 1.1.1.1/32
##       - 1.1.1.2/32
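{# Only manage the zone when both the customer name and the traffic details are set in pillar #}
{% if pillar.firewalld_customer is defined and pillar.customer_name is defined %}
Setup Customer firewalld zone:
  firewalld.present:
    - name: {{ salt['pillar.get']("customer_name") }}
{# Use the services from pillar when given; otherwise fall back to https and ssh #}
{% if (pillar.firewalld_customer.services is defined) and pillar.firewalld_customer.services %}
    - services: {{ salt['pillar.get']("firewalld_customer:services") }}
{% else %}
    - services:
      - https
      - ssh
{% endif %}
{# Bind the zone to the customer's source addresses; with no sources the zone is created but nothing is bound to it here #}
{% if (pillar.firewalld_customer.sources is defined) and pillar.firewalld_customer.sources %}
    - sources: {{ salt['pillar.get']("firewalld_customer:sources") }}
{% endif %}
{% endif %}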