puppet-firewalld

Speed up ipset entries changes

Open jfroche opened this issue 7 years ago • 16 comments

We now use --add-entries-from-file and --remove-entries-from-file to change firewalld ipset. Adding or removing entries one by one was really slow.

This pull request is based on https://github.com/42wim/puppet-firewalld/blob/04683b46cbe6e6a925c585283941cc363752aceb/lib/puppet/provider/firewalld_ipset/firewall_cmd.rb. The first pull request was here: jfroche/puppet-firewalld#4

jfroche avatar Apr 26 '18 11:04 jfroche
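
The bulk update described in the pull request text, sketched as an added example (not code from this pull request or from puppet-firewalld): it diffs current and desired entries, writes each batch one entry per line, which is the format firewall-cmd reads for these two options, and issues one firewall-cmd call per batch. The helper names, the `runner` parameter, the use of `--permanent` and the sample addresses are assumptions.

```ruby
require 'set'
require 'tempfile'

# Entries to add and to remove so that `current` becomes `desired`.
def entry_delta(current, desired)
  cur  = Set.new(current.map(&:strip).reject(&:empty?))
  want = Set.new(desired.map(&:strip).reject(&:empty?))
  { add: (want - cur).to_a.sort, remove: (cur - want).to_a.sort }
end

# Write one entry per line to a temp file and yield its path.
# Tempfile.create opens the file exclusively with mode 0600 and deletes it
# after the block, so nothing predictable is left behind in a shared /tmp.
def with_entries_file(entries)
  Tempfile.create('ipset-entries') do |f|
    f.write(entries.join("\n") + "\n")
    f.flush
    yield f.path
  end
end

# One firewall-cmd call per batch instead of one per entry.
# `runner` (hypothetical hook) receives an argv array; no shell is involved.
def sync_ipset(name, current, desired, runner: ->(argv) { system(*argv) })
  flags = { add: '--add-entries-from-file', remove: '--remove-entries-from-file' }
  delta = entry_delta(current, desired)
  flags.each_with_object([]) do |(key, flag), ran|
    next if delta[key].empty?
    with_entries_file(delta[key]) do |path|
      argv = ['firewall-cmd', '--permanent', "--ipset=#{name}", "#{flag}=#{path}"]
      raise "#{flag} failed for ipset #{name}" unless runner.call(argv)
    end
    ran << [flag, delta[key]]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data; this runner only prints the commands (dry run).
  sync_ipset('some_name', %w[2a02:2c40::1 2a02:2c40::3],
             %w[2a02:2c40::1 2a02:2c40::2],
             runner: ->(argv) { puts argv.join(' '); true })
end
```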

What is the format of the files that feed this function?

Rovanion avatar Feb 28 '19 08:02 Rovanion

@Rovanion some example:

ipset::set:
  some_name:
    type: hash:net
    hashsize: 1024
    family: inet6
    manage_entries: true
    set:
      - 2a02:2c40::1
      - 2a02:2c40::2

# We have a wrapper around firewalld module, should be similar
wrapped::firewalld::rich_rules:
  allow_from_some_name:
      zone: public
      family: ipv6
      source:
        ipset: some_name
      service: some_service
      action: accept

# cat /etc/firewalld/ipsets/some_name.xml

<?xml version="1.0" encoding="utf-8"?>
<ipset type="hash:net">
  <option name="hashsize" value="1024"/>
  <option name="family" value="inet6"/>
  <entry>2a02:2c40::1</entry>
  <entry>2a02:2c40::2</entry>
</ipset>

jovandeginste avatar Mar 08 '19 16:03 jovandeginste

Dear @jfroche, thanks for the PR!

This is pccibot, your friendly Vox Pupuli GitHub Bot. I noticed that your pull request contains a merge conflict. Can you please rebase?

You can find my source code at voxpupuli/vox-pupuli-tasks

pccibot avatar Sep 22 '19 22:09 pccibot

Dear @jfroche, thanks for the PR!

This is pccibot, your friendly Vox Pupuli GitHub Bot. I noticed that your pull request contains a merge conflict. Can you please rebase?

You can find my source code at voxpupuli/vox-pupuli-tasks

vox-pupuli-tasks[bot] avatar Jan 05 '20 13:01 vox-pupuli-tasks[bot]

@dhoppe would you like us to fix the merge conflicts?

jovandeginste avatar Jan 05 '20 15:01 jovandeginste

@jovandeginste That would be great. Thank you very much.

dhoppe avatar Jan 05 '20 15:01 dhoppe

Rebased on master branch.

jfroche avatar Jan 23 '20 11:01 jfroche

Are we speaking about using /tmp during unit tests not being secure?

jfroche avatar Feb 15 '20 18:02 jfroche

ping @ghoneycutt

jovandeginste avatar Mar 06 '20 10:03 jovandeginste

I was mistaken, for the test it seems fine.

ghoneycutt avatar May 28 '20 21:05 ghoneycutt

Can we pick this PR up again, @ghoneycutt?

jovandeginste avatar Sep 22 '21 08:09 jovandeginste

Can we get the --add-entries-from-file and --remove-entries-from-file functionality in this module (obviously still keeping the --add-entry and --remove-entry functionality) over the line, please, and in the latest version?

mnsmithuk avatar Jul 23 '22 23:07 mnsmithuk

Can you rebase off head for the CI?

jcpunk avatar Sep 19 '23 17:09 jcpunk