tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial support for firewall on debian and ubuntu systems.

Browse source
This commit is contained in:
Timo Mkinen 2010-10-28 22:37:01 +03:00
parent cfe4157f36
commit 5b36025d6c
1 changed files with 54 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

56
firewall/manifests/init.pp
View file

@ -27,7 +27,7 @@ class firewall {
} }
case $operatingsystem { case $operatingsystem {
centos,fedora: { centos,debian,fedora,ubuntu: {
include firewall::iptables include firewall::iptables
} }
openbsd: { openbsd: {
@ -54,7 +54,7 @@ class firewall {
class firewall::custom { class firewall::custom {
case $operatingsystem { case $operatingsystem {
centos,fedora: { centos,debian,fedora,ubuntu: {
include firewall::custom::iptables include firewall::custom::iptables
} }
openbsd: { openbsd: {
@ -72,13 +72,21 @@ class firewall::custom {
# #
class firewall::common::iptables { class firewall::common::iptables {
package { [ "iptables", "iptables-ipv6" ]: package { "iptables":
ensure => installed, name => $operatingsystem ? {
centos => [ "iptables", "iptables-ipv6" ],
debian => [ "iptables", "iptables-persistent" ],
fedora => [ "iptables", "iptables-ipv6" ],
ubuntu => [ "iptables", "iptables-persistent" ],
},
} }
$ip6states = versioncmp($kernelversion, "2.6.20")
file { "/etc/sysconfig/iptables": file { "/etc/sysconfig/iptables":
name => $operatingsystem ? {
debian => "/etc/iptables/rules",
ubuntu => "/etc/iptables/rules",
default => "/etc/sysconfig/iptables",
},
ensure => present, ensure => present,
mode => 0600, mode => 0600,
owner => root, owner => root,
@ -87,6 +95,9 @@ class firewall::common::iptables {
notify => Service["iptables"], notify => Service["iptables"],
} }
case $operatingsystem {
centos,fedora: {
$ip6states = versioncmp($kernelversion, "2.6.20")
file { "/etc/sysconfig/ip6tables": file { "/etc/sysconfig/ip6tables":
ensure => present, ensure => present,
mode => 0600, mode => 0600,
@ -95,15 +106,6 @@ class firewall::common::iptables {
require => Package["iptables-ipv6"], require => Package["iptables-ipv6"],
notify => Service["ip6tables"], notify => Service["ip6tables"],
} }
service { "iptables":
ensure => running,
enable => true,
hasstatus => true,
hasrestart => true,
require => Package["iptables"],
}
service { "ip6tables": service { "ip6tables":
ensure => running, ensure => running,
enable => true, enable => true,
@ -111,6 +113,26 @@ class firewall::common::iptables {
hasrestart => true, hasrestart => true,
require => Package["iptables-ipv6"], require => Package["iptables-ipv6"],
} }
}
}
service { "iptables":
name => $operatingsystem ? {
debian => "iptables-persistent",
ubuntu => "iptables-persistent",
default => "iptables",
},
ensure => running,
enable => true,
hasrestart => $operatingsystem ? {
centos => true,
debian => false,
fedora => true,
ubuntu => false,
},
status => "iptables -t filter --list --line-numbers | egrep '^1'",
require => Package["iptables"],
}
} }
@ -123,9 +145,13 @@ class firewall::iptables inherits firewall::common::iptables {
content => template("firewall/iptables.erb"), content => template("firewall/iptables.erb"),
} }
case $operatingsystem {
centos,fedora: {
File["/etc/sysconfig/ip6tables"] { File["/etc/sysconfig/ip6tables"] {
content => template("firewall/ip6tables.erb"), content => template("firewall/ip6tables.erb"),
} }
}
}
} }