tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added support for opening port ranges into firewall module.

Browse source
This commit is contained in:
Timo Mkinen 2009-11-25 13:10:45 +02:00
parent 29eac7c7aa
commit 130b585eea
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
firewall/templates/iptables.erb
View file

@ -8,7 +8,7 @@
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
<% firewall_rules.each do |rule| -%>
<% rule = /(tcp|udp)\/(\d+)( .+)?/.match(rule) -%>
<% rule = /(tcp|udp)\/([\d:]+)( .+)?/.match(rule) -%>
-A INPUT<% if rule[1] == "tcp" %> -m state --state NEW<% end %> -m <%= rule[1] %> -p <%= rule[1] %><% if rule[3] %> -s<%= rule[3] %><% end %> --dport <%= rule[2] %> -j ACCEPT
<% end -%>
<% firewall_custom.each do |rule| -%>

2
firewall/templates/pf.conf.erb
View file

@ -9,7 +9,7 @@ pass in quick inet proto icmp all
pass in quick inet6 proto icmp6 all
<% firewall_rules.each do |rule| -%>
<% rule = /(tcp|udp)\/(\d+)( .+)?/.match(rule) -%>
<% rule = /(tcp|udp)\/([\d:]+)( .+)?/.match(rule) -%>
pass in quick proto <%= rule[1] %><% if rule[3] %> from<%= rule[3] %><% end %> to port <%= rule[2] %>
<% end -%>
<% firewall_custom.each do |rule| -%>