From 50cf5bca3393a3207bafc8f6a97eb0dc3f5869a5 Mon Sep 17 00:00:00 2001 From: FlatKey Date: Fri, 6 May 2016 02:29:52 +0200 Subject: [PATCH] added configurability of port definitions --- README.md | 22 ++++++++++++++++++++++ meta/main.yml | 2 +- tasks/main.yml | 7 +++++++ 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4f14a49..4bc0046 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,7 @@ Config options: * policy * state * booleans +* ports Requirements ------------ @@ -37,6 +38,18 @@ The following variables are used to toggle SELinux booleans: persistent: (optional, only values: yes|no, default: yes) ``` +--- + +The following variables are used to configure SELinux ports: + +``` + selinux_ports: + name_of_selinux_type: + ports: (required, port or port range) + protocol: (optional, only values: tcp|udp default: tcp) + state: (optional, only values: present|absent, default: present) +``` + Example Playbook ---------------- @@ -57,6 +70,15 @@ Example Playbook httpd_can_sendmail: state: yes persistent: yes + selinux_ports: + ssh_port_t: + ports: 2222 + protocol: tcp + state: present + http_port_t: + ports: 9000-9004 + protocol: tcp + state: present ``` License diff --git a/meta/main.yml b/meta/main.yml index 631521e..758f203 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: author: FlatKey - description: Advanced Base role to configure SELinux through variables. You can configure SELinux policy, state and booleans. + description: Advanced Base role to configure SELinux through variables. You can configure SELinux policy, state, booleans and ports. license: MIT min_ansible_version: 2.0 platforms: diff --git a/tasks/main.yml b/tasks/main.yml index d5ec0a5..19c90d5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -2,9 +2,16 @@ - name: ensure libselinux-python is installed yum: name=libselinux-python state=present +- name: ensure policycoreutils-python is installed + yum: name=policycoreutils-python state=present + - name: configure selinux policy and state selinux: conf={{selinux_config|default('/etc/selinux/config')}} policy={{selinux_policy|default('targeted')}} state={{selinux_state|default('enforcing')}} - name: toggle selinux booleans seboolean: name={{item.key}} state={{item.value.state|default('yes')}} persistent={{item.value.persistent|default('yes')}} with_dict: "{{selinux_boolean|default({})}}" + +- name: configure selinux network port definition + seport: setype={{item.key}} ports={{item.value.ports}} proto={{item.value.protocol|default('tcp')}} state={{item.value.state|default('present')}} + with_dict: "{{selinux_ports|default({})}}"
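Review bot: The new `seport` task at the end of the hunk interpolates four templated values into one inline `key=value` string, which is hard to review for a change that decides which SELinux type a port is labelled with. It also leaves the result dependent on how that string is tokenised; I have not verified how the supported Ansible versions treat a `ports` value that contains spaces, such as a comma-separated list. I would write the arguments as a YAML mapping with each Jinja expression quoted, as in the fence below, so every variable stays within its own parameter. `item.value.ports` is documented as required in the README but has no guard here, so an entry without it presumably fails only when the loop reaches it, after earlier entries have already been applied. The `selinux` and `seboolean` tasks shown as context use the same inline style and could be converted in a follow-up.

```yaml
- name: configure selinux network port definition
  seport:
    setype: "{{ item.key }}"
    ports: "{{ item.value.ports }}"
    proto: "{{ item.value.protocol | default('tcp') }}"
    state: "{{ item.value.state | default('present') }}"
  with_dict: "{{selinux_ports|default({})}}"
```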