Add support for firewalld intra zone forwarding

Evert Hessel 2022-01-22 18:10:15 +01:00
parent 68e7ddb7a7
commit 5a38230dbf


@ -106,6 +106,10 @@ options:
description: description:
- The masquerade setting you would like to enable/disable to/from zones within firewalld. - The masquerade setting you would like to enable/disable to/from zones within firewalld.
type: str type: str
forward:
description:
- Whether intra zone forwarding should be enabled/disabled for a zone in firewalld.
type: bool
offline: offline:
description: description:
- Whether to run this module even when firewalld is offline. - Whether to run this module even when firewalld is offline.
@ -183,6 +187,12 @@ EXAMPLES = r'''
permanent: yes permanent: yes
zone: dmz zone: dmz
- ansible.posix.firewalld:
forward: yes
state: enabled
permanent: yes
zone: dmz
- ansible.posix.firewalld: - ansible.posix.firewalld:
zone: custom zone: custom
state: present state: present
@ -386,6 +396,49 @@ class MasqueradeTransaction(FirewallTransaction):
self.update_fw_settings(fw_zone, fw_settings) self.update_fw_settings(fw_zone, fw_settings)
class ForwardTransaction(FirewallTransaction):
"""
ForwardTransaction
"""
def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False):
super(ForwardTransaction, self).__init__(
module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate
)
self.enabled_msg = "Enabled intra zone forwarding on zone %s" % self.zone
self.disabled_msg = "Disabled intra zone forwarding on zone %s" % self.zone
def get_enabled_immediate(self):
if self.fw.queryForward(self.zone) is True:
return True
else:
return False
def get_enabled_permanent(self):
fw_zone, fw_settings = self.get_fw_zone_settings()
if fw_settings.getForward() is True:
return True
else:
return False
def set_enabled_immediate(self):
self.fw.addForward(self.zone)
def set_enabled_permanent(self):
fw_zone, fw_settings = self.get_fw_zone_settings()
fw_settings.setForward(True)
self.update_fw_settings(fw_zone, fw_settings)
def set_disabled_immediate(self):
self.fw.removeForward(self.zone)
def set_disabled_permanent(self):
fw_zone, fw_settings = self.get_fw_zone_settings()
fw_settings.setForward(False)
self.update_fw_settings(fw_zone, fw_settings)
class PortTransaction(FirewallTransaction): class PortTransaction(FirewallTransaction):
""" """
PortTransaction PortTransaction
@ -751,6 +804,7 @@ def main():
timeout=dict(type='int', default=0), timeout=dict(type='int', default=0),
interface=dict(type='str'), interface=dict(type='str'),
masquerade=dict(type='str'), masquerade=dict(type='str'),
forward=dict(type='bool'),
offline=dict(type='bool'), offline=dict(type='bool'),
target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']), target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']),
), ),
@ -762,7 +816,7 @@ def main():
), ),
mutually_exclusive=[ mutually_exclusive=[
['icmp_block', 'icmp_block_inversion', 'service', 'port', 'port_forward', 'rich_rule', ['icmp_block', 'icmp_block_inversion', 'service', 'port', 'port_forward', 'rich_rule',
'interface', 'masquerade', 'source', 'target'] 'interface', 'masquerade', 'forward', 'source', 'target']
], ],
) )
@ -772,6 +826,7 @@ def main():
timeout = module.params['timeout'] timeout = module.params['timeout']
interface = module.params['interface'] interface = module.params['interface']
masquerade = module.params['masquerade'] masquerade = module.params['masquerade']
forward = module.params['forward']
# Sanity checks # Sanity checks
FirewallTransaction.sanity_check(module) FirewallTransaction.sanity_check(module)
@ -822,7 +877,7 @@ def main():
modification = False modification = False
if any([icmp_block, icmp_block_inversion, service, port, port_forward, rich_rule, if any([icmp_block, icmp_block_inversion, service, port, port_forward, rich_rule,
interface, masquerade, source, target]): interface, masquerade, forward, source, target]):
modification = True modification = True
if modification and desired_state in ['absent', 'present'] and target is None: if modification and desired_state in ['absent', 'present'] and target is None:
module.fail_json( module.fail_json(
@ -994,6 +1049,20 @@ def main():
'The type of the option will be changed from string to boolean in a future release. ' 'The type of the option will be changed from string to boolean in a future release. '
'To avoid unexpected behavior, please change the value to boolean.' % masquerade) 'To avoid unexpected behavior, please change the value to boolean.' % masquerade)
if forward is not None:
transaction = ForwardTransaction(
module,
action_args=(),
zone=zone,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if target is not None: if target is not None:
transaction = ZoneTargetTransaction( transaction = ZoneTargetTransaction(