Releases: linux-system-roles/firewall
remove customzone zone in cleanup and other cleanup improvements (#74)
remove customzone zone in cleanup (#74)
- remove customzone zone in cleanup
- fix test failure in tests_purge_config; add cleanups
- ensure default zone is set to other than dmz for test
[citest skip] bump tox-lsr version to 2.11.0; remove py37; add py310 (#73)
tox-lsr version 2.11.0 has support for collection-requirements.yml,
runqemu improvements, and support for python 3.10
python 3.7 is not used on any supported platform, so remove it
Signed-off-by: Rich Megginson rmeggins@redhat.com
Added ability to restore Firewalld defaults
The user can add previous: replaced to one of the elements in
the firewall list to force the role to remove all existing
config files. You can use this to make your Ansible inventory
the "source of truth" for all firewall configuration.
There is a lot of stuff here to ensure that:
- all operations of the role are idempotent
- the role will only report changed: true when something
actually changed
Specifically - if using previous: replaced, the role will only
report changed: true if the final configuration, after erasing
and applying all of the configuration, is different than the
initial configuration.
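A playbook using the `previous: replaced` option described above, as an added example that is not taken from these release notes or the role's repository. The inventory group name `firewall_hosts` and the chosen service and port are assumptions. Because existing config files are erased, every rule the host needs has to appear in the list.

```yaml
# Added example; "firewall_hosts" is an assumed inventory group name.
- name: Make the inventory the source of truth for firewalld
  hosts: firewall_hosts
  become: true
  vars:
    firewall:
      # Erase existing firewalld config files before the entries below are applied.
      - previous: replaced
      # Access the host must keep is listed explicitly, including management access.
      - service: ssh
        state: enabled
      - port: 443/tcp
        state: enabled
  roles:
    - linux-system-roles.firewall
```

Running the play a second time without edits should report `changed: false`, since the final configuration then matches the initial one.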
support gather_facts: false; support setup-snapshot.yml (#71)
Some users use gather_facts: false in their playbooks. This changes
the role to work in that case, by gathering only the facts it requires
to run.
CI testing can be sped up by creating a snapshot image pre-installed
with packages. tests/setup-snapshot.yml can be used by a CI system
to do this.
Add ability to set the default zone; make target changes immediate
Add ability to set the default zone (#68)
Add ability to set the default zone with set_default_zone
ensure that changes to target take effect immediately (#70)
When changing the target, a reload is required in order for the
changes to take effect, so ensure that this happens.
The code has been refactored slightly in order to use the same
reload logic for other cases where reload is required.
A new test was added for the target use cases.
Allow state: present and state: absent for target
Adding/removing a zone takes effect immediately for subsequent operations
Added implicit firewalld reload for when a custom zone is added or re… (#59)
- Added implicit firewalld reload for when a custom zone is added or removed
remove recursive role symlink in tests/roles
update tox-lsr version to 2.8.0 (#56)
update tox-lsr version to 2.8.0
New version adds check for proper commenting of the ansible_managed var
Signed-off-by: Sergei Petrosian spetrosi@redhat.com
Added an issue template for the Firewalld System Role (#57)
Added examples of options in Readme (#58)
change recursive role symlink to individual role dir symlinks (#61)
Signed-off-by: Rich Megginson rmeggins@redhat.com
bump tox-lsr version to 2.8.3 (#62)
Signed-off-by: Rich Megginson rmeggins@redhat.com
Support EL7; add support, docs for permanent and runtime
Modernize interface to be similar to ansible.posix.firewalld
Make target require zone, and source require permanent.
Target cannot only be set when state is present or absent.
Update interface so that interface can only be applied to one zone. (#48)
Removed offline flag from system role
support python 39, ansible-core 2.12, ansible-plugin-scan (#51)
also fix ansible-test issues
update tox-lsr version to 2.7.1 (#52)
update the tox-lsr version used in github actions tox CI
to 2.7.1
The only difference between this and 2.7.0 is that Ansible 2.12
is now GA.
Signed-off-by: Rich Megginson rmeggins@redhat.com
Remove support for system-config-firewall/lokkit, firewall connection, MAC address, interface, NetworkManager, trust, masq, RHEL 7. Add support for ansible.posix.firewalld options.
Remove support for system-config-firewall/lokkit
The role is only supporting firewalld now. The code and variables for
system-config-firewall/lokkit have been removed.
The firewall_setup_default_solution setting has been removed also as
there is exactly one firewall backend now.
Remove firewall connection support
The final goal is to be able to remove all code and variables that are
resulting in direct interaction with NetworkManager in the role.
This change is removing the docs, code and variables for
- trust_by_connection
- masq_by_connection
- forward_port_by_connection
Remove MAC address support
The final goal is to be able to remove all code and variables that are
resulting in direct interaction with NetworkManager in the role.
This change is removing the docs, code and variables for
- trust_by_mac
- masq_by_mac
- forward_port_by_mac
Remove interface, NetworkManager, trust, masq support
This change removes all docs, code and variables that are used with
interfaces:
- trust
- masq
Also using interfaces with forward_port has been removed and the whole
handling of NetworkManager and ifcfg files.
There is no direct interaction with NetworkManager anymore in the role.
Cleanup unused imports, move AnsibleModule import after docs
The imports for os, os.path and sys have been removed. The import for
AnsibleModule has been moved right after the docs section.
Add support for ansible.posix.firewalld options
Support for masquerade, rich_rule, source, interface, icmp_block,
icmp_block_inversion, timeout, target, permanent, runtime (alias:
immediate) and offline have been added.
The forward_port parameter is using the string format that firewalld is
using.
Additionally the source_port parameter has been added.
The new test tests_ansible.yml has been added. It is importing the role
and using the firewall_lib module directly.
Drop support for Ansible 2.8 by bumping the Ansible version to 2.9
Bug 1989197 - drop support for Ansible 2.8
https://bugzilla.redhat.com/show_bug.cgi?id=1989197
Remove RHEL-7 from supported distributions
RHEL-7 with system-config-firewall/lokkit is not supported anymore. Only
distributions with firewalld are supported.
use tox-lsr version 2.5.1
This version removes support for molecule until we can figure out
what to do about molecule. This should make all of the tox tests
pass (except for python 2.6).
Signed-off-by: Rich Megginson rmeggins@redhat.com
Add unit tests
parametrize module parameter testing; enable coverage
fix linter issues
use apt-get install -y
Signed-off-by: Rich Megginson rmeggins@redhat.com
support for user-created zones; pass a.p.firewalld tests
Adds support for user-created zones - user can add/remove zones.
Makes the role pass a.p.firewalld integration tests.
Code cleanup
Co-authored-by: Rich Megginson rmeggins@redhat.com
Revert "support for user-created zones; pass a.p.firewalld tests"
Updated .gitignore
Added tests/output and tests_ap.yml. Handles commonly wrongly committed files.
Remove tests/output files, and re-adds support for passing ansible posix tests.
support for user-created zones; pass a.p.firewalld tests (#42)
Adds support for user-created zones - user can add/remove zones.
Makes the role pass a.p.firewalld integration tests.
Code cleanup
Co-authored-by: Vrindle vrinda.punj30@gmail.com
Fix lint issues; support EL 9
Fix lint issues
Support EL 9