Open dguertin opened 1 year ago
Note that I am not responsible for the `firewall_rule` implementation for firewalld, I just added all the `firewalld_*` resources.

Your assumptions, however, are correct. There is currently no way of adding rules in the `firewalld_zone` resource without deleting all the other rules in it. Since the D-Bus interface of firewalld has a method called `addRichRule` that allows adding a rich rule to a zone, it should not be that much work to add this functionality.

I currently do not have that much spare time, so it may take some time for me to do it.

As a workaround, I can only suggest specifying an array of rich rules as the argument to the `rules_str` property of the `firewalld_zone` resource.
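The workaround in the comment above, as an added example that is not part of this thread or of the cookbook's own code: a small Ruby helper that generates the array of firewalld rich rules to hand to the `rules_str` property, so that the many-sources-times-many-rules zone from the issue does not have to be written out by hand. The rich-rule grammar (`rule family=... source address=... service name=... accept`) is firewalld's own; the helper names (`rich_rule`, `rich_rules`), the `TRUSTED_SOURCES` inventory and the CIDR validation are assumptions made for this example.

```ruby
# Added example, not code from the thread or the cookbook. Builds the array of
# firewalld rich rules that the comment above suggests passing to the
# firewalld_zone resource's rules_str property.
require 'ipaddr'

# Render one rich rule in firewalld's own grammar. The address family is
# derived from the source so the string matches what firewalld will accept.
# A malformed source raises instead of silently producing an unloadable rule.
def rich_rule(source, service: nil, port: nil, protocol: 'tcp', action: 'accept')
  raise ArgumentError, 'give exactly one of service: or port:' if service.nil? == port.nil?
  raise ArgumentError, "unknown action #{action}" unless %w[accept reject drop].include?(action)

  addr = IPAddr.new(source)          # raises IPAddr::InvalidAddressError on junk input
  family = addr.ipv6? ? 'ipv6' : 'ipv4'
  target = service ? %(service name="#{service}") : %(port port="#{port}" protocol="#{protocol}")
  %(rule family="#{family}" source address="#{source}" #{target} #{action})
end

# Cartesian product: every source gets every service and every port.
# Returns the array that would be assigned to rules_str.
def rich_rules(sources, services: [], ports: [], action: 'accept')
  sources.flat_map do |src|
    services.map { |s| rich_rule(src, service: s, action: action) } +
      ports.map { |p| rich_rule(src, port: p, action: action) }
  end
end

# Constructed sample inventory standing in for the "complicated zone" in the issue.
TRUSTED_SOURCES = ['10.20.0.0/16', '192.168.1.0/24', 'fd00:1::/64'].freeze

if $PROGRAM_NAME == __FILE__
  puts rich_rules(TRUSTED_SOURCES, services: %w[ssh https], ports: [8443])
  # In a recipe the same array goes into the resource named in the thread
  # (hypothetical zone name; the property name rules_str is from the comment above):
  #   firewalld_zone 'trusted_mgmt' do
  #     rules_str rich_rules(TRUSTED_SOURCES, services: %w[ssh https], ports: [8443])
  #   end
end
```

Because `rules_str` replaces the zone's whole rule set, the generated array has to contain every rule the zone should end up with; the helper makes that complete set a single expression rather than a long hand-maintained list.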
:speaking_head: Foreword

Thanks for taking the time to fill this feature request fully. Without it we may not be able to , and the issue may be closed without resolution.

:person_frowning: Problem Statement

I've recently begun trying to apply this cookbook after coming from the now-defunct firewalld cookbook, and am getting confounded by the application of rules to firewalld zones. I have a rather complicated zone that encompasses a collection of IP ranges and netmasks, for which I want to apply most of my rules. Any standard rule or rich rule I apply using the `firewalld_zone` resource overwrites any existing rules. And if I use the simpler approach of using the `firewall_rule` resource, I need to specify the source for each rule, and with many rules and many sources for each one, that gets unwieldy.

:grey_question: Possible Solution

It would be nice to be able to either:

- `firewall_rule` resource: specify a firewalld zone instead of an array of IP addresses/ranges; or
- `firewalld_zone` resource: specify a rule or rich rule that does not overwrite any existing rules for that zone.

Or is there a completely different and better approach to this that I'm missing?