Extend firewall stage to set the default zone
Extend the firewall stage to allow setting the default firewall zone. Modify the stage unit test accordingly. Signed-off-by: Tomas Hozza <thozza@redhat.com>
parent
3eb91401cf
commit
e71a91f5d0
4 changed files with 21 additions and 5 deletions
|
|
@ -59,6 +59,10 @@ SCHEMA = """
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "Service name (from /{lib,etc}/firewalld/services/*.xml)"
|
"description": "Service name (from /{lib,etc}/firewalld/services/*.xml)"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"default_zone": {
|
||||||
|
"description": "Set default zone for connections and interfaces where no zone has been selected.",
|
||||||
|
"type": "string"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
"""
|
"""
|
||||||
|
|
@ -72,7 +76,14 @@ def main(tree, options):
|
||||||
enabled_services = options.get("enabled_services", [])
|
enabled_services = options.get("enabled_services", [])
|
||||||
disabled_services = options.get("disabled_services", [])
|
disabled_services = options.get("disabled_services", [])
|
||||||
|
|
||||||
|
default_zone = options.get("default_zone", "")
|
||||||
|
|
||||||
# firewall-offline-cmd does not implement --root option so we must chroot it
|
# firewall-offline-cmd does not implement --root option so we must chroot it
|
||||||
|
if default_zone:
|
||||||
|
subprocess.run(["chroot", tree, "firewall-offline-cmd", f"--set-default-zone={default_zone}"], check=True)
|
||||||
|
|
||||||
|
# The options below are "lokkit" compatibility options and can not be used
|
||||||
|
# with other options.
|
||||||
subprocess.run(["chroot",
|
subprocess.run(["chroot",
|
||||||
tree,
|
tree,
|
||||||
"firewall-offline-cmd"] +
|
"firewall-offline-cmd"] +
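Review bot: The new `default_zone` property in `SCHEMA` is declared only as `"type": "string"`, so an empty value passes validation and is then skipped without notice by `if default_zone:` in `main`, while a misspelled or malformed zone name only surfaces when `firewall-offline-cmd` exits non-zero under `check=True`. Adding `"minLength": 1` to the property (and, if the project wants stricter input, a `pattern` for the zone names firewalld accepts) would reject such manifests at validation time with a clearer error. Because the call uses the list form of `subprocess.run` and attaches the value as `--set-default-zone=...`, the value stays a single argument, so this is about early failure rather than injection. The description could also state that the zone presumably has to exist in the tree already, and that a permissive zone such as `trusted` accepts all connections on interfaces with no explicit zone. The body of `main` continues past the end of this hunk.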
|
||||||
|
|
|
||||||
|
|
@ -488,7 +488,8 @@
|
||||||
],
|
],
|
||||||
"disabled_services": [
|
"disabled_services": [
|
||||||
"telnet"
|
"telnet"
|
||||||
]
|
],
|
||||||
|
"default_zone": "trusted"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -42,7 +42,8 @@
|
||||||
],
|
],
|
||||||
"disabled_services": [
|
"disabled_services": [
|
||||||
"telnet"
|
"telnet"
|
||||||
]
|
],
|
||||||
|
"default_zone": "trusted"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,11 @@
|
||||||
{
|
{
|
||||||
"added_files": [
|
"added_files": [
|
||||||
"/etc/firewalld/zones/public.xml",
|
"/etc/firewalld/firewalld.conf.old",
|
||||||
"/etc/firewalld/zones/public.xml.old"
|
"/etc/firewalld/zones/trusted.xml",
|
||||||
|
"/etc/firewalld/zones/trusted.xml.old"
|
||||||
],
|
],
|
||||||
"deleted_files": [],
|
"deleted_files": [],
|
||||||
"differences": {}
|
"differences": {
|
||||||
|
"/etc/firewalld/firewalld.conf": {"mode": [41471, 33152]}
|
||||||
|
}
|
||||||
}
|
}
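Review bot: The only recorded difference for `/etc/firewalld/firewalld.conf` is `{"mode": [41471, 33152]}`, and nothing on this page explains it. If these are st_mode values in old/new order, they are 0o120777 and 0o100600, which reads as a symlink being replaced by a regular file accessible only to its owner. If that replacement is the expected result of `--set-default-zone`, a sentence in the commit message or the stage description saying so would let a later reader tell an intended change of file type on the firewall configuration from a regression.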
|
||||||
|
|
|
||||||