Basic ability to set masquerade options from ansible, according to current code design/layout (mostly) (#2017)
* Support for masquerade settings Ability to enable and disable masquerade settings from ansible via: - firewalld: mapping=masquerade state=disabled permanent=true zone=dmz Placeholder added (mapping) to support masquerade and port_forward choices initially - port_forward not implemented yet. * Permanent and Immediate zone handling differentiated * Corrected naming abstraction for masquerading functionality Removed mapping tag with port_forward choices - not applicable! * Added version info for new masquerade option Pull Request #2017 failing due to missing version info
This commit is contained in:
parent
e07cc7d9a2
commit
e2e0f51739
1 changed files with 92 additions and 0 deletions
|
@ -80,6 +80,12 @@ options:
|
|||
- "The amount of time the rule should be in effect for when non-permanent."
|
||||
required: false
|
||||
default: 0
|
||||
masquerade:
|
||||
description:
|
||||
- 'The masquerade setting you would like to enable/disable to/from zones within firewalld'
|
||||
required: false
|
||||
default: null
|
||||
version_added: "2.1"
|
||||
notes:
|
||||
- Not tested on any Debian based system.
|
||||
- Requires the python2 bindings of firewalld, who may not be installed by default if the distribution switched to python 3
|
||||
|
@ -95,6 +101,7 @@ EXAMPLES = '''
|
|||
- firewalld: rich_rule='rule service name="ftp" audit limit value="1/m" accept' permanent=true state=enabled
|
||||
- firewalld: source='192.168.1.0/24' zone=internal state=enabled
|
||||
- firewalld: zone=trusted interface=eth2 permanent=true state=enabled
|
||||
- firewalld: masquerade=yes state=enabled permanent=true zone=dmz
|
||||
'''
|
||||
|
||||
import os
|
||||
|
@ -114,6 +121,36 @@ try:
|
|||
except ImportError:
|
||||
HAS_FIREWALLD = False
|
||||
|
||||
|
||||
#####################
|
||||
# masquerade handling
|
||||
#
|
||||
def get_masquerade_enabled(zone):
|
||||
if fw.queryMasquerade(zone) == True:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def get_masquerade_enabled_permanent(zone):
|
||||
fw_zone = fw.config().getZoneByName(zone)
|
||||
fw_settings = fw_zone.getSettings()
|
||||
if fw_settings.getMasquerade() == True:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def set_masquerade_enabled(zone):
|
||||
fw.addMasquerade(zone)
|
||||
|
||||
def set_masquerade_disabled(zone):
|
||||
fw.removeMasquerade(zone)
|
||||
|
||||
def set_masquerade_permanent(zone, masquerade):
|
||||
fw_zone = fw.config().getZoneByName(zone)
|
||||
fw_settings = fw_zone.getSettings()
|
||||
fw_settings.setMasquerade(masquerade)
|
||||
fw_zone.update(fw_settings)
|
||||
|
||||
################
|
||||
# port handling
|
||||
#
|
||||
|
@ -286,6 +323,7 @@ def main():
|
|||
state=dict(choices=['enabled', 'disabled'], required=True),
|
||||
timeout=dict(type='int',required=False,default=0),
|
||||
interface=dict(required=False,default=None),
|
||||
masquerade=dict(required=False,default=None),
|
||||
),
|
||||
supports_check_mode=True
|
||||
)
|
||||
|
@ -325,6 +363,15 @@ def main():
|
|||
immediate = module.params['immediate']
|
||||
timeout = module.params['timeout']
|
||||
interface = module.params['interface']
|
||||
masquerade = module.params['masquerade']
|
||||
|
||||
## Check for firewalld running
|
||||
try:
|
||||
if fw.connected == False:
|
||||
module.fail_json(msg='firewalld service must be running')
|
||||
except AttributeError:
|
||||
module.fail_json(msg="firewalld connection can't be established,\
|
||||
version likely too old. Requires firewalld >= 2.0.11")
|
||||
|
||||
modification_count = 0
|
||||
if service != None:
|
||||
|
@ -335,6 +382,8 @@ def main():
|
|||
modification_count += 1
|
||||
if interface != None:
|
||||
modification_count += 1
|
||||
if masquerade != None:
|
||||
modification_count += 1
|
||||
|
||||
if modification_count > 1:
|
||||
module.fail_json(msg='can only operate on port, service, rich_rule or interface at once')
|
||||
|
@ -502,6 +551,49 @@ def main():
|
|||
changed=True
|
||||
msgs.append("Removed %s from zone %s" % (interface, zone))
|
||||
|
||||
if masquerade != None:
|
||||
|
||||
if permanent:
|
||||
is_enabled = get_masquerade_enabled_permanent(zone)
|
||||
msgs.append('Permanent operation')
|
||||
|
||||
if desired_state == "enabled":
|
||||
if is_enabled == False:
|
||||
if module.check_mode:
|
||||
module.exit_json(changed=True)
|
||||
|
||||
set_masquerade_permanent(zone, True)
|
||||
changed=True
|
||||
msgs.append("Added masquerade to zone %s" % (zone))
|
||||
elif desired_state == "disabled":
|
||||
if is_enabled == True:
|
||||
if module.check_mode:
|
||||
module.exit_json(changed=True)
|
||||
|
||||
set_masquerade_permanent(zone, False)
|
||||
changed=True
|
||||
msgs.append("Removed masquerade from zone %s" % (zone))
|
||||
if immediate or not permanent:
|
||||
is_enabled = get_masquerade_enabled(zone)
|
||||
msgs.append('Non-permanent operation')
|
||||
|
||||
if desired_state == "enabled":
|
||||
if is_enabled == False:
|
||||
if module.check_mode:
|
||||
module.exit_json(changed=True)
|
||||
|
||||
set_masquerade_enabled(zone)
|
||||
changed=True
|
||||
msgs.append("Added masquerade to zone %s" % (zone))
|
||||
elif desired_state == "disabled":
|
||||
if is_enabled == True:
|
||||
if module.check_mode:
|
||||
module.exit_json(changed=True)
|
||||
|
||||
set_masquerade_disabled(zone)
|
||||
changed=True
|
||||
msgs.append("Removed masquerade from zone %s" % (zone))
|
||||
|
||||
module.exit_json(changed=changed, msg=', '.join(msgs))
|
||||
|
||||
|
||||
|
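Review bot: The value bound to `masquerade` is never read — the new code tests only `masquerade != None` (in the modification_count guard and at the top of the handler block), so `masquerade=no state=enabled` enables masquerading on the zone exactly like `masquerade=yes`. Declaring it as `masquerade=dict(required=False, default=None, type='bool'),` would at least reject non-boolean input, and the option description should state that any non-null value selects masquerade as the target of I(state) rather than implying the value itself is the setting. The guard's error message was not updated for the new option: `module.fail_json(msg='can only operate on port, service, rich_rule, interface or masquerade at once')`. The two query helpers can be written `return bool(fw.queryMasquerade(zone))` and `return bool(fw_settings.getMasquerade())` instead of the `== True` branch pairs. main() starts and ends outside these hunks.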
|