Add service_absent and service_present, service become an alias to service_present
Add zone_absent and zone_present, present become an alias to zone_present
Add ipset_absent and ipset_present with necessary functions in firewalld module
add option to some functions to skip check in order to speed up executions
Add target option to zone_present

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

[X ] Docs
Changelog -https://docs.saltproject.io/en/master/topics/development/changelog.html
Tests written/updated

Commits signed with GPG?

enhance firewalld modules and states with ipset, zone_absent,

be8dbc5

service_absent

remijouannet requested a review froma team as acode owner

March 6, 2025 13:07

remijouannet temporarily deployed to ci

March 6, 2025 13:08

— with

GitHub Actions Inactive

Copy link

ContributorAuthor

remijouannet commentedMar 6, 2025

states that i've used to test my changes

firewalld:  pkg.installedfirewalld_service:  service.running:    - name: firewalld    - enable: Trueservice_http0:  firewalld.service_present:    - name: http0    - ports:      - 8000/tcpservice_http1:  firewalld.service_present:    - name: http1    - ports:      - 8000/tcpservice_http2:  firewalld.service:    - name: http2    - ports:      - 8000/tcpipset_adm:  firewalld.ipset_present:    - name: adm    - ipset_type: hash:net    - entries:      - 10.0.0.0/24ipset_svc1:  firewalld.ipset_present:    - name: svc1    - ipset_type: hash:net    - entries:      - 10.0.1.0/24ipset_svc2:  firewalld.ipset_present:    - name: svc2    - ipset_type: hash:net    - entries:      - 10.0.2.0/24ipset_svc3:  firewalld.ipset_present:    - name: svc3    - ipset_type: hash:net    - entries:      - 10.0.3.0/24zone_svc1:  firewalld.zone_present:    - name: test1    - target: DROP    - interfaces:      - eth0    - prune_rich_rules: True    - rich_rules:      - rule protocol value="icmp" accept      - rule service name="ssh" accept      - rule family="ipv4" source ipset="adm" accept      - rule family="ipv4" source ipset="svc1" accept      - rule family="ipv4" source ipset="svc3" service name="http0" accepttest_ipset:  firewalld.ipset_absent:    - name: test1

firewalld:  pkg.installedfirewalld_service:  service.running:    - name: firewalld    - enable: Truezone_svc4:  firewalld.zone_absent:    - name: test2zone_svc1:  firewalld.zone_absent:    - name: test1service_http0:  firewalld.service_absent:    - name: http0service_http1:  firewalld.service_absent:    - name: http0service_http2:  firewalld.service_absent:    - name: http0ipset_adm:  firewalld.ipset_absent:    - name: admipset_svc1:  firewalld.ipset_absent:    - name: svc1ipset_svc2:  firewalld.ipset_absent:    - name: svc2ipset_svc3:  firewalld.ipset_absent:    - name: svc3test_ipset:  firewalld.ipset_absent:    - name: test1

firewalld:  pkg.installedfirewalld_service:  service.running:    - name: firewalld    - enable: Trueservice_http0:  firewalld.service_present:    - name: http0    - ports:      - 8000/tcpservice_http1:  firewalld.service_absent:    - name: http1service_http2:  firewalld.service:    - name: http2    - ports:      - 8001/tcpipset_adm:  firewalld.ipset_present:    - name: adm    - ipset_type: hash:net    - entries:      - 10.0.0.0/24      - 10.2.0.0/24ipset_svc1:  firewalld.ipset_present:    - name: svc1    - ipset_type: hash:net    - entries:      - 10.0.1.0/24ipset_svc2:  firewalld.ipset_absent:    - name: svc2ipset_svc3:  firewalld.ipset_present:    - name: svc3    - ipset_type: hash:net    - entries:      - 10.0.3.0/24zone_svc1:  firewalld.zone_present:    - name: test2    - target: DROP    - interfaces:      - eth0    - prune_rich_rules: True    - rich_rules:      - rule protocol value="icmp" accept      - rule service name="ssh" accept      - rule family="ipv4" source ipset="adm" accept      - rule family="ipv4" source ipset="svc1" accept      - rule family="ipv4" source ipset="svc3" service name="http0" accept