saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fix invalid icmp type handling in firewalld state

Browse source 
- Previously, it would log an error message for an invalid ICMP type and
not try to add it as an icmp-block. However, it would still report in
ret['changes'] that it had been added.
- Now, we will still log an error, but will not report the invalid
ICMP type in ret['changes']
This commit is contained in:
Neile Havens 2018-09-28 16:18:38 -05:00
parent 2d2e2eb5cc
commit 4f7c9147cd
No known key found for this signature in database
GPG key ID: 34C9F19F20B9C21A
1 changed files with 13 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
salt/states/firewalld.py
View file

@ -405,8 +405,6 @@ def _present(name,
return ret
if block_icmp:
new_icmp_types = set(block_icmp) - set(_current_icmp_blocks)
try:
_valid_icmp_types = __salt__['firewalld.get_icmp_types'](
permanent=True)
@ -414,17 +412,20 @@ def _present(name,
ret['comment'] = 'Error: {0}'.format(err)
return ret
# log errors for invalid ICMP types in block_icmp input
for icmp_type in set(block_icmp) - set(_valid_icmp_types):
log.error('%s is an invalid ICMP type', icmp_type)
block_icmp.remove(icmp_type)
new_icmp_types = set(block_icmp) - set(_current_icmp_blocks)
for icmp_type in new_icmp_types:
if icmp_type in _valid_icmp_types:
if not __opts__['test']:
try:
__salt__['firewalld.block_icmp'](name, icmp_type,
permanent=True)
except CommandExecutionError as err:
ret['comment'] = 'Error: {0}'.format(err)
return ret
else:
log.error('%s is an invalid ICMP type', icmp_type)
if not __opts__['test']:
try:
__salt__['firewalld.block_icmp'](name, icmp_type,
permanent=True)
except CommandExecutionError as err:
ret['comment'] = 'Error: {0}'.format(err)
return ret
if prune_block_icmp:
old_icmp_types = set(_current_icmp_blocks) - set(block_icmp)