keep force_masquerade

doc/topics/releases/neon.rst

@@ -167,12 +167,6 @@ Fileserver Deprecations
     - The ``svnfs_env_whitelist`` config option has been removed in favor of ``svnfs_saltenv_whitelist``.
     - The ``svnfs_env_blacklist`` config option has been removed in favor of ``svnfs_saltenv_blacklist``.
 
-- The :py:mod`firewalld <salt.states.firewalld>` state has been changed as follows:
-
-    - The default setting for the ``prune_services`` option in the
-      :py:func:`firewalld.present <salt.states.firewalld.present>` function has changed
-      from ``True`` to ``False``.
-
 Engine Removal
 --------------
 
@@ -186,18 +180,6 @@ Returner Removal
   to Slack, the :py:func:`slack <salt.returners.slack_returner>` returner may be a suitable
   replacement.
 
-- The :py:mod`firewalld <salt.modules.firewalld>` module has been changed as
-  follows:
-
-    - Support for the ``force_masquerade`` option has been removed from the
-      :py:func:`firewalld.add_port <salt.module.firewalld.add_port` function. Please
-      use the :py:func:`firewalld.add_masquerade <salt.modules.firewalld.add_masquerade`
-      function instead.
-    - Support for the ``force_masquerade`` option has been removed from the
-      :py:func:`firewalld.add_port_fwd <salt.module.firewalld.add_port_fwd` function. Please
-      use the :py:func:`firewalld.add_masquerade <salt.modules.firewalld.add_masquerade`
-      function instead.
-
 Grain Deprecations
 ------------------
 

salt/modules/firewalld.py

@@ -617,7 +617,7 @@ def remove_masquerade(zone=None, permanent=True):
     return __firewall_cmd(cmd)
 
 
-def add_port(zone, port, permanent=True):
+def add_port(zone, port, permanent=True, force_masquerade=False):
     '''
     Allow specific ports in a zone.
 
@@ -628,7 +628,14 @@ def add_port(zone, port, permanent=True):
     .. code-block:: bash
 
         salt '*' firewalld.add_port internal 443/tcp
+
+    force_masquerade
+        when a zone is created ensure masquerade is also enabled
+        on that zone.
     '''
+    if force_masquerade and not get_masquerade(zone):
+        add_masquerade(zone)
+
     cmd = '--zone={0} --add-port={1}'.format(zone, port)
 
     if permanent:
@@ -677,7 +684,7 @@ def list_ports(zone, permanent=True):
     return __firewall_cmd(cmd).split()
 
 
-def add_port_fwd(zone, src, dest, proto='tcp', dstaddr='', permanent=True):
+def add_port_fwd(zone, src, dest, proto='tcp', dstaddr='', permanent=True, force_masquerade=False):
     '''
     Add port forwarding.
 
@@ -688,7 +695,14 @@ def add_port_fwd(zone, src, dest, proto='tcp', dstaddr='', permanent=True):
     .. code-block:: bash
 
         salt '*' firewalld.add_port_fwd public 80 443 tcp
+
+    force_masquerade
+        when a zone is created ensure masquerade is also enabled
+        on that zone.
     '''
+    if force_masquerade and not get_masquerade(zone):
+        add_masquerade(zone)
+
     cmd = '--zone={0} --add-forward-port=port={1}:proto={2}:toport={3}:toaddr={4}'.format(
         zone,
         src,

salt/states/firewalld.py

@@ -501,7 +501,6 @@ def _present(name,
         for port in new_ports:
             if not __opts__['test']:
                 try:
-                    # TODO: force_masquerade to be removed in future release
                     __salt__['firewalld.add_port'](name, port, permanent=True, force_masquerade=False)
                 except CommandExecutionError as err:
                     ret['comment'] = 'Error: {0}'.format(err)
@@ -550,7 +549,6 @@ def _present(name,
         for fwd in new_port_fwd:
             if not __opts__['test']:
                 try:
-                    # TODO: force_masquerade to be removed in future release
                     __salt__['firewalld.add_port_fwd'](name, fwd.srcport,
                         fwd.destport, fwd.protocol, fwd.destaddr, permanent=True,
                         force_masquerade=False)