Merge pull request #6754 from ahtik/fix-ufw-take2
Bugfix to ufw module to properly support "logging" (and docfix for choises, choices):
commit
322e7de843
1 changed files with 13 additions and 8 deletions
|
@ -1,6 +1,7 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
|
# (c) 2014, Ahti Kitsik <ak@ahtik.com>
|
||||||
# (c) 2014, Jarno Keskikangas <jarno.keskikangas@gmail.com>
|
# (c) 2014, Jarno Keskikangas <jarno.keskikangas@gmail.com>
|
||||||
# (c) 2013, Aleksey Ovcharenko <aleksey.ovcharenko@gmail.com>
|
# (c) 2013, Aleksey Ovcharenko <aleksey.ovcharenko@gmail.com>
|
||||||
# (c) 2013, James Martin <jmartin@basho.com>
|
# (c) 2013, James Martin <jmartin@basho.com>
|
||||||
|
@ -27,7 +28,7 @@ short_description: Manage firewall with UFW
|
||||||
description:
|
description:
|
||||||
- Manage firewall with UFW.
|
- Manage firewall with UFW.
|
||||||
version_added: 1.6
|
version_added: 1.6
|
||||||
author: Aleksey Ovcharenko, Jarno Keskikangas
|
author: Aleksey Ovcharenko, Jarno Keskikangas, Ahti Kitsik
|
||||||
notes:
|
notes:
|
||||||
- See C(man ufw) for more examples.
|
- See C(man ufw) for more examples.
|
||||||
requirements:
|
requirements:
|
||||||
|
@ -65,12 +66,12 @@ options:
|
||||||
description:
|
description:
|
||||||
- Add firewall rule
|
- Add firewall rule
|
||||||
required: false
|
required: false
|
||||||
choises: ['allow', 'deny', 'reject', 'limit']
|
choices: ['allow', 'deny', 'reject', 'limit']
|
||||||
log:
|
log:
|
||||||
description:
|
description:
|
||||||
- Log new connections matched to this rule
|
- Log new connections matched to this rule
|
||||||
required: false
|
required: false
|
||||||
choises: ['yes', 'no']
|
choices: ['yes', 'no']
|
||||||
from_ip:
|
from_ip:
|
||||||
description:
|
description:
|
||||||
- Source IP address.
|
- Source IP address.
|
||||||
|
@ -111,7 +112,10 @@ options:
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = '''
|
||||||
# Allow everything and enable UFW
|
# Allow everything and enable UFW
|
||||||
ufw: state=enable policy=allow logging=on
|
ufw: state=enabled policy=allow
|
||||||
|
|
||||||
|
# Set logging
|
||||||
|
ufw: logging=on
|
||||||
|
|
||||||
# Sometimes it is desirable to let the sender know when traffic is
|
# Sometimes it is desirable to let the sender know when traffic is
|
||||||
# being denied, rather than simply ignoring it. In these cases, use
|
# being denied, rather than simply ignoring it. In these cases, use
|
||||||
|
@ -163,8 +167,8 @@ def main():
|
||||||
argument_spec = dict(
|
argument_spec = dict(
|
||||||
state = dict(default=None, choices=['enabled', 'disabled', 'reloaded', 'reset']),
|
state = dict(default=None, choices=['enabled', 'disabled', 'reloaded', 'reset']),
|
||||||
default = dict(default=None, aliases=['policy'], choices=['allow', 'deny', 'reject']),
|
default = dict(default=None, aliases=['policy'], choices=['allow', 'deny', 'reject']),
|
||||||
logging = dict(default=None, choises=['on', 'off', 'low', 'medium', 'high', 'full']),
|
logging = dict(default=None, choices=['on', 'off', 'low', 'medium', 'high', 'full']),
|
||||||
direction = dict(default=None, choises=['in', 'incoming', 'out', 'outgoing']),
|
direction = dict(default=None, choices=['in', 'incoming', 'out', 'outgoing']),
|
||||||
delete = dict(default=False, type='bool'),
|
delete = dict(default=False, type='bool'),
|
||||||
insert = dict(default=None),
|
insert = dict(default=None),
|
||||||
rule = dict(default=None, choices=['allow', 'deny', 'reject', 'limit']),
|
rule = dict(default=None, choices=['allow', 'deny', 'reject', 'limit']),
|
||||||
|
@ -178,13 +182,14 @@ def main():
|
||||||
app = dict(default=None, aliases=['name'])
|
app = dict(default=None, aliases=['name'])
|
||||||
),
|
),
|
||||||
supports_check_mode = True,
|
supports_check_mode = True,
|
||||||
mutually_exclusive = [['app', 'proto']]
|
mutually_exclusive = [['app', 'proto', 'logging']]
|
||||||
)
|
)
|
||||||
|
|
||||||
cmds = []
|
cmds = []
|
||||||
|
|
||||||
def execute(cmd):
|
def execute(cmd):
|
||||||
cmd = ' '.join(map(itemgetter(-1), filter(itemgetter(0), cmd)))
|
cmd = ' '.join(map(itemgetter(-1), filter(itemgetter(0), cmd)))
|
||||||
|
|
||||||
cmds.append(cmd)
|
cmds.append(cmd)
|
||||||
(rc, out, err) = module.run_command(cmd)
|
(rc, out, err) = module.run_command(cmd)
|
||||||
|
|
||||||
|
@ -217,7 +222,7 @@ def main():
|
||||||
execute(cmd + [['-f'], [states[value]]])
|
execute(cmd + [['-f'], [states[value]]])
|
||||||
|
|
||||||
elif command == 'logging':
|
elif command == 'logging':
|
||||||
execute(cmd + [[command, value]])
|
execute(cmd + [[command], [value]])
|
||||||
|
|
||||||
elif command == 'default':
|
elif command == 'default':
|
||||||
execute(cmd + [[command], [value], [params['direction']]])
|
execute(cmd + [[command], [value], [params['direction']]])
|
||||||
|
|
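Review bot: In the `def main()` hunk at -178,13, the new `mutually_exclusive = [['app', 'proto', 'logging']]` rejects `logging` only when `app` or `proto` is also set; a task that combines `logging` with other rule parameters visible in the spec, such as `rule` or `insert`, still passes validation. If the intent is that the global logging level is never set in the same task as a rule, the check is partial; if that is not the intent, the restriction against `proto` looks accidental. Either way the reason should be recorded next to the line, for example `# logging is a global ufw setting; do not combine with per-rule app/proto`, and in the `logging` option's documentation, which is outside the visible hunks. `main()` starts and continues outside these hunks, so how rule parameters are consumed after a `logging` command could not be checked here.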