Bug 2140880

Summary: missing module in linux-system-roles.firewall to create an ipset
Product: Red Hat Enterprise Linux 8 Reporter: Takashi Sugimura <tsugimur>
Component: rhel-system-rolesAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: David Jež <djez>
Severity: medium Docs Contact: Jaroslav Klech <jklech>
Priority: unspecified    
Version: 8.6CC: briasmit, bsmit, djez, jeharris, jharuda, jklech, myllynen, rmeggins, spetrosi, vdanek, vpunj
Target Milestone: rcKeywords: Triaged
Target Release: 8.9Flags: vpunj: needinfo+
pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: role:firewall
Fixed In Version: rhel-system-roles-1.22.0-0.20.el8 Doc Type: Enhancement
Doc Text:
.`firewall` RHEL System Role supports variables related to `ipsets` With this update of the `firewall` RHEL System Role, you can define, modify, and delete `ipsets`. Also, you can add and remove those `ipsets` from firewall zones. Alternatively, you can use those `ipsets` when defining firewall rich rules. You can manage `ipsets` with the `firewall` RHEL System Role using the following variables: * `ipset` * `ipset_type` * `ipset_entries` * `short` * `description` * `state: present` or `state: absent` * `permanent: true` The following are some notable benefits of this enhancement: * You can reduce the complexity of the rich rules that define rules for many IP addresses. * You can add or remove IP addresses from sets as needed without modifying multiple rules. For more details, see resources in the `/usr/share/doc/rhel-system-roles/firewall/` directory.
 Story Points: ---
Clone Of:
: 2229802 (view as bug list) Environment:
Last Closed: 2023-11-14 15:31:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2229802    

Description Takashi Sugimura 2022-11-08 02:36:56 UTC 
Description of problem:

I would like to run the command like "firewall-cmd --new-ipset=foobar --permanent --type=hash:ip" in a playbook rather than using a command module.


Version-Release number of selected component (if applicable):

I believe it doesn't depend on the RHEL version actually, but I set RHEL 8.6 as the latest version.


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

I searched the ansible.posix.firewalld module as well but it doesn't have a feature to create the ipset.
Comment 7 Jeremy Harris 2023-07-14 09:04:29 UTC 
Also requested for RHEL 9
Comment 8 Rich Megginson 2023-08-01 18:30:21 UTC 
Can someone check out and try the proposed PR https://github.com/linux-system-roles/firewall/pull/166 ?
Comment 22 errata-xmlrpc 2023-11-14 15:31:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:6946
Comment 23 Red Hat Bugzilla 2024-03-14 04:25:14 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days