Manage policies #104

Open
zanna-37 opened this issue Oct 5, 2022 · 6 comments

zanna-37 commented Oct 5, 2022

What would you like to be added:
I would like to add and modify policies in the same way services are modified.

    firewall:
      - policy: test
        priority: -15000
        target: CONTINUE
        ingress-zones: eth1
        egress-zones: eth2
        state: present
        permanent: true

See also: https://firewalld.org/2020/09/policy-objects-introduction

zanna-37 (Author) commented

Any changes for this being implemented?

richm (Contributor) commented Apr 11, 2023

> Any changes for this being implemented?

No plans currently.

Markus- commented Jul 27, 2023

So, what about policies in general? In the README they are mentioned in three or four places, but at first glance they are not handled in any examples or code?

Is there any possibility to use policies right now or do I have to use template-files and put them onto the system outside this role?

richm (Contributor) commented Jul 27, 2023

> So, what about policies in general? In the README they are mentioned in three or four places, but at first glance they are not handled in any examples or code?

If you are referring to https://github.com/linux-system-roles/firewall#available-ansible-facts, they are only returned when you retrieve the firewall facts. The role does not allow you to manage them.

> Is there any possibility to use policies right now

No.

> or do I have to use template-files and put them onto the system outside this role?

Yes.

Markus- commented Jul 27, 2023

Ah, sorry - I missed the headline :(

Thanks for the hint.
Any tips for managing the firewall with a combination of manual templated files and this role?

richm (Contributor) commented Jul 27, 2023

> Ah, sorry - I missed the headline :(
>
> Thanks for the hint. Any tips for managing the firewall with a combination of manual templated files and this role?

Note that if you use `previous: replaced` (https://github.com/linux-system-roles/firewall#previous), it will erase all files under `/etc/firewalld/**/*.xml`, so if you manage policy files under `/etc/firewalld/policies/*.xml`, you should do that after using the firewall role if you plan to use `previous: replaced`.
