Added support for deploying custom firewall configs.
This commit is contained in:
parent
44882c51c6
commit
6124a234a3
1 changed files with 75 additions and 5 deletions
|
@ -1,4 +1,3 @@
|
||||||
|
|
||||||
# Enable firewall and install defined rules
|
# Enable firewall and install defined rules
|
||||||
#
|
#
|
||||||
# Rules are readed from variable $firewall_rules which needs to be an
|
# Rules are readed from variable $firewall_rules which needs to be an
|
||||||
|
@ -30,9 +29,36 @@ class firewall {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Enable firewall and install custom config file
|
||||||
|
#
|
||||||
|
# Config file is searched in following order:
|
||||||
|
#
|
||||||
|
# puppet:///files/firewall/${config}.${fqdn}
|
||||||
|
# puppet:///files/firewall/${config}
|
||||||
|
#
|
||||||
|
# where config is firewall configuration file name
|
||||||
|
# (iptables or pf.conf).
|
||||||
|
#
|
||||||
|
class firewall::custom {
|
||||||
|
|
||||||
|
case $operatingsystem {
|
||||||
|
centos,fedora: {
|
||||||
|
include firewall::custom::iptables
|
||||||
|
}
|
||||||
|
openbsd: {
|
||||||
|
include firewall::custom::pf
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
fail("Firewall module not supported in ${operatingsystem}")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# Linux iptables handler.
|
# Linux iptables handler.
|
||||||
#
|
#
|
||||||
class firewall::iptables {
|
class firewall::common::iptables {
|
||||||
|
|
||||||
package { [ "iptables" ]:
|
package { [ "iptables" ]:
|
||||||
ensure => installed,
|
ensure => installed,
|
||||||
|
@ -40,7 +66,6 @@ class firewall::iptables {
|
||||||
|
|
||||||
file { "/etc/sysconfig/iptables":
|
file { "/etc/sysconfig/iptables":
|
||||||
ensure => present,
|
ensure => present,
|
||||||
content => template("firewall/iptables.erb"),
|
|
||||||
mode => 0600,
|
mode => 0600,
|
||||||
owner => root,
|
owner => root,
|
||||||
group => root,
|
group => root,
|
||||||
|
@ -59,13 +84,35 @@ class firewall::iptables {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Linux iptables handler to install default firewall config.
|
||||||
|
#
|
||||||
|
class firewall::iptables inherits firewall::common::iptables {
|
||||||
|
|
||||||
|
File["/etc/sysconfig/iptables"] {
|
||||||
|
content => template("firewall/iptables.erb"),
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Linux iptables handler to install custom firewall config.
|
||||||
|
#
|
||||||
|
class firewall::custom::iptables inherits firewall::common::iptables {
|
||||||
|
|
||||||
|
File["/etc/sysconfig/iptables"] {
|
||||||
|
source => [ "puppet:///files/firewall/iptables.${fqdn}",
|
||||||
|
"puppet:///files/firewall/iptables", ],
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# OpenBSD Packet Filter handler
|
# OpenBSD Packet Filter handler
|
||||||
#
|
#
|
||||||
class firewall::pf {
|
class firewall::common::pf {
|
||||||
|
|
||||||
file { "/etc/pf.conf":
|
file { "/etc/pf.conf":
|
||||||
ensure => present,
|
ensure => present,
|
||||||
content => template("firewall/pf.conf.erb"),
|
|
||||||
mode => 0600,
|
mode => 0600,
|
||||||
owner => root,
|
owner => root,
|
||||||
group => wheel,
|
group => wheel,
|
||||||
|
@ -78,3 +125,26 @@ class firewall::pf {
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# OpenBSD Packet Filter handler for default config.
|
||||||
|
#
|
||||||
|
class firewall::pf inherits firewall::common::pf {
|
||||||
|
|
||||||
|
File["/etc/pf.conf"] {
|
||||||
|
content => template("firewall/pf.conf.erb"),
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# OpenBSD Packet Filter handler for custom config.
|
||||||
|
#
|
||||||
|
class firewall::custom::pf inherits firewall::common::pf {
|
||||||
|
|
||||||
|
File["/etc/pf.conf"] {
|
||||||
|
source => [ "puppet:///files/firewall/pf.conf.${fqdn}",
|
||||||
|
"puppet:///files/firewall/pf.conf", ],
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
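Review bot: The per-host lookup in firewall::custom::iptables, `source => [ "puppet:///files/firewall/iptables.${fqdn}", "puppet:///files/firewall/iptables", ],` keys the served file on `$fqdn`, a fact the agent reports about itself rather than a value the master verifies, so a node that reports another host's FQDN is handed that host's firewall ruleset; the same applies to the `pf.conf.${fqdn}` path in firewall::custom::pf. Keying the path on the master-verified certname instead, `"puppet:///files/firewall/iptables.${clientcert}"`, ties the per-host config to the client certificate and removes that disclosure. The unsuffixed fallback also means a missing per-host file silently installs the generic ruleset rather than failing, which can leave a host with looser rules than intended; if that is deliberate, say so in the class header, e.g. `# Falls back to the generic file when no host-specific one exists; a missing per-host file is not an error.` Whether the overridden File resource still notifies the firewall service cannot be seen here, since the service declaration lies outside these hunks.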