Back to bug 2229802
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-08-07 18:01:35 UTC | Pool ID | sst_system_roles_rhel_9 | |
| Red Hat One Jira (issues.redhat.com) | 2023-08-07 18:05:17 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-164765 | |
| Rich Megginson | 2023-08-07 19:15:39 UTC | Doc Type | If docs needed, set a value | Enhancement |
| Target Release | --- | 9.3 | ||
| Status | NEW | ASSIGNED | ||
| RHEL Program Management | 2023-08-07 19:15:48 UTC | Keywords | Triaged | |
| Rich Megginson | 2023-08-07 19:17:02 UTC | CC | djez, jharuda, vdanek | |
| Flags | needinfo?(djez) needinfo?(jharuda) needinfo?(vdanek) | |||
| Jakub Haruda | 2023-08-08 13:23:26 UTC | Flags | needinfo?(jharuda) | |
| Rich Megginson | 2023-08-09 23:10:39 UTC | Status | ASSIGNED | POST |
| Link ID | Github linux-system-roles/firewall/pull/166 | |||
| Rich Megginson | 2023-08-10 00:09:59 UTC | Fixed In Version | rhel-system-roles-1.22.0-0.20.el9 | |
| Status | POST | MODIFIED | ||
| errata-xmlrpc | 2023-08-10 00:55:56 UTC | Status | MODIFIED | ON_QA |
| Jakub Haruda | 2023-08-10 08:09:12 UTC | QA Contact | rhel-cs-system-management-subsystem-qe | jharuda |
| Rich Megginson | 2023-08-10 13:38:43 UTC | Doc Text | User can specify `state: present` or `state: absent` and `permanent: true` with new ipset arguments to configure ipsets for use in zones using the `source` argument - firewall_lib.py - new argument: ipset - name of ipset - new argument: ipset_type - type of ipset - new argument: ipset_entry - contents of ipset - protections against failure in check mode when enabling and disabling ipsets for zones - new file: tests/tests_ipsets.yml - tests user defined ipsets (create, modify, delete, use) - tests: unit: new test cases for triggering ipset warnings and errors - docs: README, firewall_lib DOCUMENTATION for ipset feature Enhancement: Users can define, modify, and delete ipsets using the system role, which can be added to and removed from zones or be used when defining rich rules. Reason: IPSets make firewalld configuration much easier to maintain: - Rich rules defining rules for many IP addresses can be made much smaller - Allows for semantic grouping of IP addresses Also, brings the srole closer to being a full solution for managing firewalld configuration. Result: Users should be able to manage ipsets using the firewall system role using the following arguments: - `ipset` - `ipset_type` - `ipset_entries` - `short` - `description` - `state: present` or `state: absent` - `permanent: true` Issue Tracker Tickets (Jira or BZ if any): GitHub Issue #106 BZ 2140880 - https://bugzilla.redhat.com/show_bug.cgi?id=2140880 |
|
| Vaclav Danek | 2023-08-14 13:55:30 UTC | Flags | needinfo?(vdanek) | |
| Status | ON_QA | VERIFIED | ||
| QA Contact | jharuda | vdanek |
Back to bug 2229802