Try to use `save: True` argument for `iptables` state module. In case if the boolean value is specified for `save` the module shuld save the rule in the default file.
But please note that it could fail for some of the functions as the save parameter is not passing correct way for some of them.
I'm just asking how is the "correct" way in a salt state to ensure that a port is open on a SLES 12 system. SLES 15 uses firewalld, so I use "firewalld.present"
Allen B.
--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
________________________________________
Sent: Wednesday, June 23, 2021 9:01 AM
Subject: [EXTERNAL] Re: Salt state for SLES 12 firewall. Use salt.states.iptables?
Hi Allen.
Not sure if I understood the idea right, but there is an issue related to saving rules for iptables, the fix was tested, but not yet published in the latest package.
Here is the upstream PR.
Anyway saving the rules to the file need to be tested for each distro.
Regards,
Victor
On Wed, 2021-06-23 at 13:56 +0000, Allen Beddingfield wrote:
I have been using the firewalld state module for SLES 15 successfully, but I'm now trying to write a state for SLES 12, which uses the older SuSEfirewall2. Is the salt.states.iptables module the correct approach for this?
Wondering if directly inserting iptables rules with that is going to cause any issues if someone opens the yast firewall module later?
Allen B.
--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251