Add support for protocol parameter

This commit is contained in:
Robért S. Guhr 2023-02-14 23:20:47 +01:00
parent 8a07431bf8
commit ee9df94762
2 changed files with 73 additions and 2 deletions


@ -0,0 +1,2 @@
minor_changes:
- firewalld - add `protocol` parameter


@ -19,6 +19,10 @@ options:
- Name of a service to add/remove to/from firewalld. - Name of a service to add/remove to/from firewalld.
- The service must be listed in output of firewall-cmd --get-services. - The service must be listed in output of firewall-cmd --get-services.
type: str type: str
protocol:
description:
- Name of a protocol to add/remove to/from firewalld.
type: str
port: port:
description: description:
- Name of a port or port range to add/remove to/from firewalld. - Name of a port or port range to add/remove to/from firewalld.
@ -144,6 +148,12 @@ EXAMPLES = r'''
permanent: true permanent: true
state: enabled state: enabled
- name: permit ospf traffic
ansible.posix.firewalld:
protocol: ospf
permanent: true
state: enabled
- name: do not permit traffic in default zone on port 8081/tcp - name: do not permit traffic in default zone on port 8081/tcp
ansible.posix.firewalld: ansible.posix.firewalld:
port: 8081/tcp port: 8081/tcp
@ -343,6 +353,47 @@ class ServiceTransaction(FirewallTransaction):
self.update_fw_settings(fw_zone, fw_settings) self.update_fw_settings(fw_zone, fw_settings)
class ProtocolTransaction(FirewallTransaction):
"""
ProtocolTransaction
"""
def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False):
super(ProtocolTransaction, self).__init__(
module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate
)
def get_enabled_immediate(self, protocol, timeout):
if protocol in self.fw.getProtocols(self.zone):
return True
else:
return False
def get_enabled_permanent(self, protocol, timeout):
fw_zone, fw_settings = self.get_fw_zone_settings()
if protocol in fw_settings.getProtocols():
return True
else:
return False
def set_enabled_immediate(self, protocol, timeout):
self.fw.addProtocol(self.zone, protocol, timeout)
def set_enabled_permanent(self, protocol, timeout):
fw_zone, fw_settings = self.get_fw_zone_settings()
fw_settings.addProtocol(protocol)
self.update_fw_settings(fw_zone, fw_settings)
def set_disabled_immediate(self, protocol, timeout):
self.fw.removeProtocol(self.zone, protocol)
def set_disabled_permanent(self, protocol, timeout):
fw_zone, fw_settings = self.get_fw_zone_settings()
fw_settings.removeProtocol(protocol)
self.update_fw_settings(fw_zone, fw_settings)
class MasqueradeTransaction(FirewallTransaction): class MasqueradeTransaction(FirewallTransaction):
""" """
MasqueradeTransaction MasqueradeTransaction
@ -748,6 +799,7 @@ def main():
icmp_block=dict(type='str'), icmp_block=dict(type='str'),
icmp_block_inversion=dict(type='str'), icmp_block_inversion=dict(type='str'),
service=dict(type='str'), service=dict(type='str'),
protocol=dict(type='str'),
port=dict(type='str'), port=dict(type='str'),
port_forward=dict(type='list', elements='dict'), port_forward=dict(type='list', elements='dict'),
rich_rule=dict(type='str'), rich_rule=dict(type='str'),
@ -769,7 +821,7 @@ def main():
source=('permanent',), source=('permanent',),
), ),
mutually_exclusive=[ mutually_exclusive=[
['icmp_block', 'icmp_block_inversion', 'service', 'port', 'port_forward', 'rich_rule', ['icmp_block', 'icmp_block_inversion', 'service', 'protocol' 'port', 'port_forward', 'rich_rule',
'interface', 'masquerade', 'source', 'target'] 'interface', 'masquerade', 'source', 'target']
], ],
) )
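Review bot: The new `mutually_exclusive` entry is missing a comma between `'protocol'` and `'port'`, so Python concatenates the adjacent literals into the single string `'protocolport'` and neither `protocol` nor `port` is actually part of the mutually-exclusive group any more; a task that sets `port` (or `protocol`) together with `service`, `rich_rule` or another member is no longer rejected, which silently weakens the argument validation this list exists for. The line should read `['icmp_block', 'icmp_block_inversion', 'service', 'protocol', 'port', 'port_forward', 'rich_rule',`. The enclosing `main()` starts and ends outside this hunk. As a minor style point in the new `ProtocolTransaction` class (hunk `@ -343,6 +353,47`), `get_enabled_immediate` and `get_enabled_permanent` can each collapse to a single `return protocol in ...` expression instead of the `if ...: return True else: return False` form.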
@ -798,6 +850,7 @@ def main():
icmp_block = module.params['icmp_block'] icmp_block = module.params['icmp_block']
icmp_block_inversion = module.params['icmp_block_inversion'] icmp_block_inversion = module.params['icmp_block_inversion']
service = module.params['service'] service = module.params['service']
protocol = module.params['protocol']
rich_rule = module.params['rich_rule'] rich_rule = module.params['rich_rule']
source = module.params['source'] source = module.params['source']
zone = module.params['zone'] zone = module.params['zone']
@ -829,7 +882,7 @@ def main():
port_forward_toaddr = port_forward['toaddr'] port_forward_toaddr = port_forward['toaddr']
modification = False modification = False
if any([icmp_block, icmp_block_inversion, service, port, port_forward, rich_rule, if any([icmp_block, icmp_block_inversion, service, protocol, port, port_forward, rich_rule,
interface, masquerade, source, target]): interface, masquerade, source, target]):
modification = True modification = True
if modification and desired_state in ['absent', 'present'] and target is None: if modification and desired_state in ['absent', 'present'] and target is None:
@ -893,6 +946,22 @@ def main():
if changed is True: if changed is True:
msgs.append("Changed service %s to %s" % (service, desired_state)) msgs.append("Changed service %s to %s" % (service, desired_state))
if protocol is not None:
transaction = ProtocolTransaction(
module,
action_args=(protocol, timeout),
zone=zone,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if changed is True:
msgs.append("Changed protocol %s to %s" % (protocol, desired_state))
if source is not None: if source is not None:
transaction = SourceTransaction( transaction = SourceTransaction(