firewalld-formula

A SaltStack Formula to set up and configure Firewalld, a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces.

Table of Contents

• General notes
• Contributing to this repo
• Special notes
• TODO
• Instructions
• Additional resources
• Formula Dependencies
• Contributions
• Salt Compatibility
• OS Compatibility
• Available states
  • firewalld
• Testing
  • Requirements
  • bin/kitchen converge
  • bin/kitchen verify
  • bin/kitchen destroy
  • bin/kitchen test
  • bin/kitchen login

General notes

See the full SaltStack Formulas installation and usage instructions.

If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.

If you want to use this formula, please pay attention to the FORMULA file and/or git tag, which contains the currently released version. This formula is versioned according to Semantic Versioning.

See Formula Versioning Section for more details.

If you need (non-default) configuration, please pay attention to the pillar.example file and/or Special notes section.

Contributing to this repo

Commit message formatting is significant!!

Please see How to contribute for more details.

Special notes

None

TODO

• configure local pre-commit hooks (code syntax check based on file extension, check for ugly utf-8 mac os white space)

Instructions

1. Add this repository as a GitFS backend in your Salt master config.
2. Configure your Pillar top file (/srv/pillar/top.sls), see pillar.example
3. Include this Formula within another Formula or simply define your needed states within the Salt top file (/srv/salt/top.sls).

Additional resources

None

Formula Dependencies

None

Contributions

Contributions are always welcome. All development guidelines you have to know are

• write clean code (proper YAML+Jinja syntax, no trailing whitespaces, no empty lines with whitespaces, LF only)
• set sane default settings
• test your code
• update README.rst doc

Salt Compatibility

Tested with:

• 2018.3.x (will probably work too with 2017.x.x)

OS Compatibility

Tested with:

• CentOS 7
• Debian 9
• Ubuntu 18.04

Available states

• firewalld

firewalld

Manage firewalld

Testing

Linux testing is done with kitchen-salt.

Requirements

• Ruby
• Docker

$ gem install bundler
$ bundle install
$ bin/kitchen test [platform]

Where [platform] is the platform name defined in kitchen.yml, e.g. debian-9-2019-2-py3.

bin/kitchen converge

Creates the docker instance and runs the firewalld main state, ready for testing.

bin/kitchen verify

Runs the inspec tests on the actual instance.

bin/kitchen destroy

Removes the docker instance.

bin/kitchen test

Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.

bin/kitchen login

Gives you SSH access to the instance for manual testing.