Manage policies
What would you like to be added: I would like to add and modify policies in the same way services are modified.
```yaml
firewall:
  - policy: test
    priority: -15000
    target: CONTINUE
    ingress-zones: eth1
    egress-zones: eth2
    state: present
    permanent: true
```
See also: https://firewalld.org/2020/09/policy-objects-introduction
Any changes for this being implemented?
> Any changes for this being implemented?
No plans currently.
So, what about policies in general? In the readme they are mentioned in three or four places, but at first glance they are not handled in any examples or code?
Is there any possibility to use policies right now or do I have to use template files and put them onto the system outside this role?
> So, what about policies in general? In the readme they are mentioned in three or four places, but at first glance they are not handled in any examples or code?
If you are referring to https://github.com/linux-system-roles/firewall#available-ansible-facts, they are only returned when you retrieve the firewall facts. The role does not allow you to manage them.
> Is there any possibility to use policies right now
No.
> or do I have to use template files and put them onto the system outside this role?
Yes.
Ah, sorry - I missed the headline :(
Thanks for the hint. Any tips for managing the firewall with a combination of manual templated files and this role?
> Ah, sorry - I missed the headline :(
> Thanks for the hint. Any tips for managing the firewall with a combination of manual templated files and this role?
Note that if you use `previous: replaced` (https://github.com/linux-system-roles/firewall#previous), it will erase all files under `/etc/firewalld/**/*.xml`. So if you manage policy files under `/etc/firewalld/policies/*.xml`, you should do that after using the firewall role if you plan to use `previous: replaced`.