firewalld_zone should be purgeable (safely) #134

Open
trevor-vaughan opened this issue Mar 31, 2017 · 3 comments · May be fixed by #249
Labels
enhancement New feature or request

Comments

@trevor-vaughan
Collaborator

firewalld starts with a large number of zones that simply add complexity to the system. The user should have the ability to purge all unnecessary zones.

The system should check and make sure that any required zones are not purged.

In particular, any zone listed as part of a DefaultZone in the /etc/firewalld/*.conf files should be preserved.

@davealden

I would like to second this. Part of why we use Puppet is to ensure the configuration of services like the firewall is exactly the way we want it. I don't see how I can ensure that there aren't any other zones that someone created allowing remote access to something that we don't want to allow remote access to.

@crayfishx crayfishx added enhancement New feature or request accepted labels Jun 9, 2017
@crayfishx
Contributor

@trevor-vaughan

> In particular, any zone listed as part of a DefaultZone in the /etc/firewalld/*.conf files should be preserved.

It was my understanding that you could only have one default zone?

@trevor-vaughan
Collaborator Author

@crayfishx You can have one default zone but there's nothing preventing people from using the command line to do whatever it is to that zone. Additionally, the presence of a default zone means nothing if someone has used other utilities to hook different zones to the interface or do something else.

If I need an authoritative configuration across the entire host, I should be able to enact it via the management module.

yachub added a commit to yachub/puppet-firewalld that referenced this issue Jan 13, 2020
yachub added a commit to yachub/puppet-firewalld that referenced this issue Jan 13, 2020
@yachub yachub linked a pull request Jan 13, 2020 that will close this issue
sigbjornaib pushed a commit to sigbjornaib/puppet-firewalld that referenced this issue Mar 9, 2020
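
The safety check this issue asks for, sketched as an added example (not code from this thread or from the puppet-firewalld module): it reads a directory laid out like /etc/firewalld, protects any zone named by a `DefaultZone=` line in its `*.conf` files, and flags unmanaged zones that are bound to an interface or source for review instead of purging them. The function names, the `managed` set and the sample zones are assumptions constructed for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def default_zones(conf_dir):
    """Every DefaultZone= value set in conf_dir/*.conf (the zones to preserve)."""
    found = set()
    for conf in Path(conf_dir).glob("*.conf"):
        found.update(re.findall(r"^[ \t]*DefaultZone[ \t]*=[ \t]*(\S+)", conf.read_text(), re.M))
    return found

def bindings(zone_file):
    """Interfaces and sources that a permanent zone file attaches the zone to."""
    root = ET.parse(str(zone_file)).getroot()
    bound = [e.get("name") for e in root.findall("interface")]
    bound += [s.get("address") or s.get("mac") or s.get("ipset") for s in root.findall("source")]
    return [b for b in bound if b]

def classify(conf_dir, managed):
    """Map every zone file in conf_dir/zones to managed, keep, review or purge."""
    protected = default_zones(conf_dir)
    plan = {}
    for zf in sorted(Path(conf_dir, "zones").glob("*.xml")):
        if zf.stem in managed:
            plan[zf.stem] = "managed"
        elif zf.stem in protected:
            plan[zf.stem] = "keep: DefaultZone"
        else:
            try:
                bound = bindings(zf)
                plan[zf.stem] = "review: bound to " + ", ".join(bound) if bound else "purge"
            except ET.ParseError:  # never delete what could not be inspected
                plan[zf.stem] = "review: unparseable zone file"
    return plan

def demo():
    """Classify a constructed config tree (sample data, not from a real host)."""
    files = {"firewalld.conf": "# constructed sample\nDefaultZone=public\n",
             "zones/public.xml": "<zone><service name='ssh'/></zone>",
             "zones/corp.xml": "<zone><service name='https'/></zone>",
             "zones/dmz.xml": "<zone/>",
             "zones/broken.xml": "<zone>",
             "zones/extra.xml": "<zone><interface name='eth1'/><port port='2222' protocol='tcp'/></zone>"}
    with tempfile.TemporaryDirectory() as d:
        Path(d, "zones").mkdir()
        for rel, body in files.items():
            Path(d, rel).write_text(body)
        return classify(d, managed={"corp"})
```

Only the permanent configuration on disk is inspected; a binding made at runtime with `firewall-cmd` without `--permanent` does not appear in these files.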