Bugfix for ufw to support "logging" properly:

It's a separate parameter so updated docs and set it as mutually exclusive param.
Also due to an array construction typo it was not working in any situation (ufw LOGLEVEL was passed to cmd instead of ufw logging LOGLEVEL).

Also fixed doc and parameters parsing typo ("choises" should be "choices")
pull/6754/head
Ahti Kitsik 11 years ago
parent ddd68be4e0
commit e0f3105ef9

@ -1,6 +1,7 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# (c) 2014, Ahti Kitsik <ak@ahtik.com>
# (c) 2014, Jarno Keskikangas <jarno.keskikangas@gmail.com> # (c) 2014, Jarno Keskikangas <jarno.keskikangas@gmail.com>
# (c) 2013, Aleksey Ovcharenko <aleksey.ovcharenko@gmail.com> # (c) 2013, Aleksey Ovcharenko <aleksey.ovcharenko@gmail.com>
# (c) 2013, James Martin <jmartin@basho.com> # (c) 2013, James Martin <jmartin@basho.com>
@ -27,7 +28,7 @@ short_description: Manage firewall with UFW
description: description:
- Manage firewall with UFW. - Manage firewall with UFW.
version_added: 1.6 version_added: 1.6
author: Aleksey Ovcharenko, Jarno Keskikangas author: Aleksey Ovcharenko, Jarno Keskikangas, Ahti Kitsik
notes: notes:
- See C(man ufw) for more examples. - See C(man ufw) for more examples.
requirements: requirements:
@ -65,12 +66,12 @@ options:
description: description:
- Add firewall rule - Add firewall rule
required: false required: false
choises: ['allow', 'deny', 'reject', 'limit'] choices: ['allow', 'deny', 'reject', 'limit']
log: log:
description: description:
- Log new connections matched to this rule - Log new connections matched to this rule
required: false required: false
choises: ['yes', 'no'] choices: ['yes', 'no']
from_ip: from_ip:
description: description:
- Source IP address. - Source IP address.
@ -111,7 +112,10 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# Allow everything and enable UFW # Allow everything and enable UFW
ufw: state=enable policy=allow logging=on ufw: state=enabled policy=allow
# Set logging
ufw: logging=on
# Sometimes it is desirable to let the sender know when traffic is # Sometimes it is desirable to let the sender know when traffic is
# being denied, rather than simply ignoring it. In these cases, use # being denied, rather than simply ignoring it. In these cases, use
@ -163,8 +167,8 @@ def main():
argument_spec = dict( argument_spec = dict(
state = dict(default=None, choices=['enabled', 'disabled', 'reloaded', 'reset']), state = dict(default=None, choices=['enabled', 'disabled', 'reloaded', 'reset']),
default = dict(default=None, aliases=['policy'], choices=['allow', 'deny', 'reject']), default = dict(default=None, aliases=['policy'], choices=['allow', 'deny', 'reject']),
logging = dict(default=None, choises=['on', 'off', 'low', 'medium', 'high', 'full']), logging = dict(default=None, choices=['on', 'off', 'low', 'medium', 'high', 'full']),
direction = dict(default=None, choises=['in', 'incoming', 'out', 'outgoing']), direction = dict(default=None, choices=['in', 'incoming', 'out', 'outgoing']),
delete = dict(default=False, type='bool'), delete = dict(default=False, type='bool'),
insert = dict(default=None), insert = dict(default=None),
rule = dict(default=None, choices=['allow', 'deny', 'reject', 'limit']), rule = dict(default=None, choices=['allow', 'deny', 'reject', 'limit']),
@ -178,13 +182,14 @@ def main():
app = dict(default=None, aliases=['name']) app = dict(default=None, aliases=['name'])
), ),
supports_check_mode = True, supports_check_mode = True,
mutually_exclusive = [['app', 'proto']] mutually_exclusive = [['app', 'proto', 'logging']]
) )
cmds = [] cmds = []
def execute(cmd): def execute(cmd):
cmd = ' '.join(map(itemgetter(-1), filter(itemgetter(0), cmd))) cmd = ' '.join(map(itemgetter(-1), filter(itemgetter(0), cmd)))
cmds.append(cmd) cmds.append(cmd)
(rc, out, err) = module.run_command(cmd) (rc, out, err) = module.run_command(cmd)
@ -217,7 +222,7 @@ def main():
execute(cmd + [['-f'], [states[value]]]) execute(cmd + [['-f'], [states[value]]])
elif command == 'logging': elif command == 'logging':
execute(cmd + [[command, value]]) execute(cmd + [[command], [value]])
elif command == 'default': elif command == 'default':
execute(cmd + [[command], [value], [params['direction']]]) execute(cmd + [[command], [value], [params['direction']]])

Loading…
Cancel
Save