Merge pull request #373 from jbirdman/requires_fixes
Fixes ordering for ipsets so that ipsets are defined before they are used
jcpunk authored Jun 26, 2024
2 parents 8d3ca02 + 103e7c5 commit 9ce513a
Showing 2 changed files with 27 additions and 23 deletions.
8 changes: 6 additions & 2 deletions lib/puppet/type/firewalld_rich_rule.rb
Expand Up @@ -165,15 +165,19 @@ def elements
self[:policy] if self[:policy] != :unset
end

autorequire(:ipset) do
autorequire(:firewalld_ipset) do
self[:source]['ipset'] if self[:source].is_a?(Hash)
end

autorequire(:ipset) do
autorequire(:firewalld_ipset) do
self[:dest]['ipset'] if self[:dest].is_a?(Hash)
end

autorequire(:service) do
['firewalld']
end

autorequire(:firewalld_custom_service) do
self[:service]&.gsub(%r{[^\w-]}, '_')
end
end
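Review bot: The new `autorequire(:firewalld_custom_service)` block returns only the sanitised form of `self[:service]`, and nothing in the hunk explains why `gsub(%r{[^\w-]}, '_')` is applied. Autorequire edges are resolved against resource references in the catalog, so if a custom service is declared under its raw name (that type's title handling is not visible here) the edge is silently skipped and the rich rule can still be applied before the service it names exists. Consider returning both forms, `[self[:service], self[:service].gsub(%r{[^\w-]}, '_')].uniq if self[:service]`, and adding a comment such as `# custom service names are normalised the same way; keep in sync`. The enclosing type definition starts outside the hunk.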
42 changes: 21 additions & 21 deletions manifests/init.pp
Expand Up @@ -182,14 +182,9 @@
enable => $service_enable,
}

# create ports
Firewalld_port {
zone => $default_port_zone,
protocol => $default_port_protocol,
}

$ports.each |String $key, Hash $attrs| {
firewalld_port { $key:
#...ipsets
$ipsets.each | String $key, Hash $attrs| {
firewalld_ipset { $key:
* => $attrs,
}
}
Expand All @@ -208,22 +203,21 @@
}
}

#...services
Firewalld_service {
zone => $default_service_zone,
# create ports
Firewalld_port {
zone => $default_port_zone,
protocol => $default_port_protocol,
}

$services.each | String $key, Hash $attrs| {
firewalld_service { $key:
$ports.each |String $key, Hash $attrs| {
firewalld_port { $key:
* => $attrs,
}
}

#...rich rules
$rich_rules.each | String $key, Hash $attrs| {
firewalld_rich_rule { $key:
* => $attrs,
}
#...services
Firewalld_service {
zone => $default_service_zone,
}

#...custom services
Expand All @@ -233,9 +227,8 @@
}
}

#...ipsets
$ipsets.each | String $key, Hash $attrs| {
firewalld_ipset { $key:
$services.each | String $key, Hash $attrs| {
firewalld_service { $key:
* => $attrs,
}
}
Expand All @@ -259,6 +252,13 @@
}
}

#...rich rules
$rich_rules.each | String $key, Hash $attrs| {
firewalld_rich_rule { $key:
* => $attrs,
}
}

Firewalld_direct_purge {
notify => Class['firewalld::reload'],
}
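Review bot: Moving the `$ipsets`, `$services` and `$rich_rules` loops makes correctness depend on declaration order, yet no comment records that, and declaration order only drives apply order for resources without explicit relationships under Puppet's manifest ordering. After the move the `#...services` header sits above the `Firewalld_service` defaults while the `$services.each` loop follows the custom-services block with no header of its own, so the intent is easy to lose in a later tidy-up. I would add a comment above the ipset loop, e.g. `# Order matters: ipsets and custom services are declared before the services and rich rules that reference them`, and treat the type-level autorequires as the actual guarantee. A rich rule that fails because its ipset is missing leaves the host without that rule until the next run, so a catalog spec test asserting the ipset-before-rich-rule relationship would be worth adding.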