Bug 2130344

Summary: [RFE] vpn: convert vpn role to use firewall and selinux role
Product: Red Hat Enterprise Linux 9
Reporter: Noriko Hosoi <nhosoi>
Component: rhel-system-roles
Assignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA
QA Contact: Evgeny Fedin <efedin>
Severity: unspecified
Docs Contact: Jan Fiala <jafiala>
Priority: unspecified
Version: 9.2
CC: djez, efedin, lmanasko, pasik, rmeggins, spetrosi
Target Milestone: rc
Keywords: FutureFeature, Triaged
Target Release: 9.2
Flags: pm-rhel: mirror+
Hardware: Unspecified
OS: Unspecified
Whiteboard: role:vpn
Fixed In Version: rhel-system-roles-1.21.0-0.5.el9
Doc Type: Enhancement
Doc Text:
.The `vpn` RHEL System Role can now use the `firewall` and `selinux` roles to manage port access

With this enhancement, you can automate managing port access in the `vpn` RHEL System Role through the `firewall` and `selinux` roles. If you set the new role variables `vpn_manage_firewall` and `vpn_manage_selinux` to `true`, the roles manage port access.
Clone Of:
: 2130345
Last Closed: 2023-05-09 07:37:56 UTC
Type: Enhancement
Bug Blocks: 2130345    

Description Noriko Hosoi 2022-09-27 21:02:39 UTC
Description of problem:

The vpn role can use the firewall role and the selinux role to manage port access.

- vpn_manage_firewall

If set to true, enable the IPsec ports, 500/UDP, 4500/UDP, and 4500/TCP for the IKE, ESP, and AH protocols using the firewall role. If false, the `vpn` role does not manage the firewall. Defaults to false.

- vpn_manage_selinux

If set to true, manage the IPsec ports, 500/UDP, 4500/UDP, and 4500/TCP using the selinux role. If false, the `vpn` role does not manage SELinux. Defaults to false.

NOTE: The firewall configuration is a prerequisite for managing selinux. If the
firewall is not installed, managing selinux policy is skipped.
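
A playbook that enables both variables from the description above and then reads back what was applied, as an added example that is not part of the bug report or the role's own documentation. Assumptions: the host names are constructed placeholders, the role is referenced as `rhel-system-roles.vpn` (the name under which the `rhel-system-roles` package installs it), `vpn_connections`/`hosts` are the role's existing connection variables, and `firewall-cmd` and `semanage` are available on the managed nodes.

```yaml
# Added example; host names are constructed placeholders.
- name: Host-to-host IPsec VPN with role-managed firewall and SELinux ports
  hosts: managed-node-01.example.com, managed-node-02.example.com
  become: true
  roles:
    - rhel-system-roles.vpn
  vars:
    vpn_connections:
      - hosts:
          managed-node-01.example.com:
          managed-node-02.example.com:
    # Both variables default to false, in which case the vpn role leaves
    # the firewall and the SELinux port policy untouched.
    vpn_manage_firewall: true
    # Per the NOTE in the description, SELinux management is skipped
    # when the firewall is not installed, so enable the two together.
    vpn_manage_selinux: true

  post_tasks:
    # Read-only checks: confirm on each node that only the expected
    # IPsec access (500/UDP, 4500/UDP, 4500/TCP) was opened.
    - name: Read back the active firewalld configuration
      ansible.builtin.command: firewall-cmd --list-all
      register: fw_state
      changed_when: false

    - name: Read back the SELinux port labels
      ansible.builtin.command: semanage port --list
      register: se_ports
      changed_when: false

    - name: Show firewall state and the labels covering ports 500 and 4500
      ansible.builtin.debug:
        msg:
          firewall: "{{ fw_state.stdout_lines }}"
          selinux: "{{ se_ports.stdout_lines | select('search', '[ ,](500|4500)(,|$)') | list }}"
```

Running the play with `vpn_manage_firewall` and `vpn_manage_selinux` set to `false` and comparing the read-back output shows exactly what the role changes on a node.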

Comment 16 errata-xmlrpc 2023-05-09 07:37:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:2246