Support for firewalld zone attribute #206

Merged: 7 commits merged on Jan 3, 2024

jpSimkins (Contributor) commented Jan 24, 2019

Description

This adds zone support to firewall_rule for firewalld, as this is a core component of firewalld.
This also adds a new recipe named: firewalld...

Ideally, I would have liked to modify the default recipe, but this seems a more proper route. I can update the PR if it is decided that including this in the default recipe is a better route. The issue is that I would have to duplicate every rule and have only_if firewalld checks. To prevent duplicate rules and to avoid any confusion, I added the new recipe.

I used String as the value type for the new zones attribute instead of Symbol because zones are easily customizable. I also thought about adding a zones resource but feel that is a bit more than what this cookbook needs.

Issues Resolved

#205

Check List

Jeremy Simkins - jpUbuntu added 3 commits January 24, 2019 11:54
This adds a new recipe named: firewalld

Ideally, I would have liked to modify the default recipe but this seems a more proper route.

Signed-off-by: Jeremy Simkins <[email protected]>
@jpSimkins jpSimkins changed the title ADDED support for firewalld zone attribute Support for firewalld zone attribute Jan 24, 2019
xorima previously approved these changes Sep 29, 2023
damacus (Member) commented Dec 21, 2023

I don't know why this has gone quiet for so long.

This looks like something we do want. Can you rebase the README and add a CHANGELOG entry, please?

@damacus damacus self-assigned this Jan 3, 2024
@damacus damacus added the "Release: Minor" label (Release to Chef Supermarket as a minor release when merged) Jan 3, 2024
@damacus damacus merged commit 3612988 into sous-chefs:main Jan 3, 2024
14 of 20 checks passed
TeroPihlaja commented

Any plans to release this change soon?

TeroPihlaja commented

I tried this feature, but I'm getting the following error on redhat 9:

---- Begin output of firewall-cmd --zone=public --direct --add-rule ipv4 filter INPUT 50 -p tcp -m tcp -m multiport --dports 22 -m comment --comment 'ssh' -j ACCEPT ----
STDOUT:
STDERR: usage: 'firewall-cmd --help' for usage information or see firewall-cmd(1) man page
--zone is an invalid option with --direct
---- End output of firewall-cmd --zone=public --direct --add-rule ipv4 filter INPUT 50 -p tcp -m tcp -m multiport --dports 22 -m comment --comment 'ssh' -j ACCEPT ----
Ran firewall-cmd --zone=public --direct --add-rule ipv4 filter INPUT 50 -p tcp -m tcp -m multiport --dports 22 -m comment --comment 'ssh' -j ACCEPT returned 2

I guess --direct should be removed if zone is defined?

jpSimkins (Contributor, Author) commented May 7, 2024

Yes, --direct should no longer be used. Pretty sure it has been removed from iptables. I no longer use Chef, so I didn't check that when I made the requested changes. Given this is already merged, I'll let them remove that.

--direct was used to add/remove chains in runtime.
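
The error reported in this thread comes from passing `--zone` and `--direct` in the same firewall-cmd invocation. The following is an added example, not code from this pull request or the cookbook: a hypothetical helper, `firewall_cmd_args`, that emits zone-scoped rich rules when a zone is given and a direct rule without `--zone` otherwise. The helper name, its parameters and the conservative zone-name check are assumptions.

```ruby
# Added example (not the cookbook's code): build firewall-cmd argument lists
# so that --zone and --direct never appear in the same invocation.
# Method name, parameters and the zone-name pattern are assumptions.

ZONE_NAME = /\A[A-Za-z0-9_-]{1,17}\z/

# Returns an array of argv arrays (no shell string, so no quoting issues).
def firewall_cmd_args(ports:, protocol: 'tcp', zone: nil, priority: 50, comment: nil)
  ports = Array(ports).map { |p| Integer(p) }
  raise ArgumentError, 'no ports given' if ports.empty?
  raise ArgumentError, 'port out of range' unless ports.all? { |p| p.between?(1, 65_535) }
  raise ArgumentError, "bad protocol: #{protocol}" unless %w[tcp udp].include?(protocol)

  if zone
    raise ArgumentError, "bad zone name: #{zone.inspect}" unless zone.to_s.match?(ZONE_NAME)
    # Zone-scoped path: a rich rule takes one port (or range), so emit
    # one command per port instead of a multiport match.
    ports.map do |port|
      rule = %(rule family="ipv4" port port="#{port}" protocol="#{protocol}" accept)
      ['firewall-cmd', "--zone=#{zone}", "--add-rich-rule=#{rule}"]
    end
  else
    # Direct path: same shape as the command in the report above, minus --zone.
    argv = ['firewall-cmd', '--direct', '--add-rule', 'ipv4', 'filter', 'INPUT',
            priority.to_s, '-p', protocol, '-m', protocol,
            '-m', 'multiport', '--dports', ports.join(',')]
    argv += ['-m', 'comment', '--comment', comment] if comment
    [argv + ['-j', 'ACCEPT']]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: two ports in the public zone, then a direct rule.
  firewall_cmd_args(ports: [22, 443], zone: 'public').each { |a| puts a.inspect }
  firewall_cmd_args(ports: 22, comment: 'ssh').each { |a| puts a.inspect }
end
```

Returning argv arrays rather than one command string keeps the zone name and comment out of shell parsing, and the zone-name check rejects values that carry extra options.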
