Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(SIMP-7538) Fix firewall service name strings #74

Merged
merged 5 commits into from
Mar 16, 2020
Merged

(SIMP-7538) Fix firewall service name strings #74

merged 5 commits into from
Mar 16, 2020

Conversation

trevor-vaughan
Copy link
Member

  • Bump upstream firewalld to 4.2.2 for backend selection support
  • Set the default backend to 'iptables' to work around nftables bugs
  • Ensure that firewalld service names do not contain a '.' character
  • Fix missing entries in REFERENCE.md

SIMP-7538 #close

@trevor-vaughan
(SIMP-7538) Fix firewall service name strings
4ba4d64 
* Bump upstream firewalld to 4.2.2 for backend selection support
* Set the default backend to 'iptables' to work around nftables bugs
* Ensure that firewalld service names do not contain a '.' character
* Fix missing entries in REFERENCE.md

SIMP-7538 #close
lnemsick-simp
lnemsick-simp suggested changes Mar 3, 2020
View reviewed changes
Copy link
Contributor

@lnemsick-simp lnemsick-simp left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed the name of the sshd_allow rule to sshd_allow_0.0.0.0 in the firewalld acceptance test, and the generated firewalld service file was named incorrectly (i.e., still had dots in it).

@lnemsick-simp
Copy link
Contributor

All branches in the iptables::firewalld::rule define code need to be tested to verify safe name substitution is done appropriately.

@trevor-vaughan
Copy link
Member Author

@lnemsick-simp Honestly, I should probably just PR this to the upstream project since that will be FAR easier to get coverage on given that it's the base types that would do the work and usage outside of this module wouldn't suffer.

@trevor-vaughan
Copy link
Member Author

voxpupuli/puppet-firewalld#265

@trevor-vaughan
Copy link
Member Author

Relevant upstream PR voxpupuli/puppet-firewalld#266

@lnemsick-simp
Copy link
Contributor

https://gitlab.com/simp/pupmod-simp-iptables/pipelines/126180066

@lnemsick-simp lnemsick-simp merged commit edbbef5 into simp:master Mar 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lnemsick-simp lnemsick-simp lnemsick-simp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@trevor-vaughan @lnemsick-simp