Is there not a SUSE-specific way of doing it? Something that actually uses the OS-provided mechanism to do it, instead of managing the config files, etc...?
The one for firewalld does. Is there not something that will the equivalent of "yast firewall services add tcpport=443, zone=EXT"?
Allen B.
--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
allen@ua.edu
________________________________________
From: Victor Zhestkov
Sent: Wednesday, June 23, 2021 9:09 AM
To: Allen Beddingfield; uyuni-users@opensuse.org
Subject: [EXTERNAL] Re: Salt state for SLES 12 firewall. Use salt.states.iptables?
Try to use `save: True` argument for `iptables` state module. In case if the boolean value is specified for `save` the module shuld save the rule in the default file.
There is a rule selecting file to save the rules based on the OS family:
https://github.com/saltstack/salt/blob/6d454bf9342dee2507a5e50af79782592698e...
But please note that it could fail for some of the functions as the save parameter is not passing correct way for some of them.
Regards,
Victor
On Wed, 2021-06-23 at 14:03 +0000, Allen Beddingfield wrote:
I'm just asking how is the "correct" way in a salt state to ensure that a port is open on a SLES 12 system. SLES 15 uses firewalld, so I use "firewalld.present"
Allen B.
--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
allen@ua.edumailto:allen@ua.edu
________________________________________
From: Victor Zhestkov mailto:Victor.Zhestkov@suse.com>
Sent: Wednesday, June 23, 2021 9:01 AM
To: Allen Beddingfield; uyuni-users@opensuse.orgmailto:uyuni-users@opensuse.org
Subject: [EXTERNAL] Re: Salt state for SLES 12 firewall. Use salt.states.iptables?
Hi Allen.
Not sure if I understood the idea right, but there is an issue related to saving rules for iptables, the fix was tested, but not yet published in the latest package.
Here is the upstream PR.
https://github.com/saltstack/salt/pull/60358
Anyway saving the rules to the file need to be tested for each distro.
Regards,
Victor
On Wed, 2021-06-23 at 13:56 +0000, Allen Beddingfield wrote:
I have been using the firewalld state module for SLES 15 successfully, but I'm now trying to write a state for SLES 12, which uses the older SuSEfirewall2. Is the salt.states.iptables module the correct approach for this?
Wondering if directly inserting iptables rules with that is going to cause any issues if someone opens the yast firewall module later?
Allen B.
--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
allen@ua.edumailto:allen@ua.edumailto:allen@ua.edu>