From 6a83a4a3932698ab663c209934cce9d29885a8b5 Mon Sep 17 00:00:00 2001
From: John Bowdre <john@bowdre.net>
Date: Tue, 28 Mar 2023 09:56:37 -0500
Subject: [PATCH] configure/unconfigure firewall

---
 srv/salt/webserver/init.sls      | 15 ++++++++++++---
 srv/salt/webserver/uninstall.sls |  9 +++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/srv/salt/webserver/init.sls b/srv/salt/webserver/init.sls
index b36f559..61a6545 100644
--- a/srv/salt/webserver/init.sls
+++ b/srv/salt/webserver/init.sls
@@ -13,13 +13,22 @@ install_html_file:
     - require:
       - pkg: {{ pillar['pkgs']['apache'] }}
 
-configure_firewall:
+configure_firewall_service:
   pkg.installed:
     - name: firewalld
+  firewalld.service:
+    - require:
+      - pkg: firewalld
+    - name: webserver
+    - ports:
+      - 80/tcp
+      - 443/tcp
+
+configure_firewall_zone:
   firewalld.present:
     - require:
       - pkg: firewalld
+      - firewalld: webserver
     - name: public
     - services:
-      - http
-      - https
\ No newline at end of file
+      - webserver
diff --git a/srv/salt/webserver/uninstall.sls b/srv/salt/webserver/uninstall.sls
index 6d22830..a28ac3b 100644
--- a/srv/salt/webserver/uninstall.sls
+++ b/srv/salt/webserver/uninstall.sls
@@ -5,3 +5,12 @@ uninstall_apache:
 remove_html_file:
   file.absent:
     - name: /var/www/html/index.html
+
+unconfigure_firewall:
+  module.run:
+    - firewalld.remove_service:
+      - service: webserver
+      - zone: public
+    - firewalld.delete_service:
+      - name: webserver
+