Added support for deploying custom firewall configs.

Timo Mkinen 2009-09-11 15:15:39 +03:00
parent 44882c51c6
commit 6124a234a3


@ -1,4 +1,3 @@
# Enable firewall and install defined rules
#
# Rules are readed from variable $firewall_rules which needs to be an
@ -30,9 +29,36 @@ class firewall {
}
# Enable firewall and install custom config file
#
# Config file is searched in following order:
#
# puppet:///files/firewall/${config}.${fqdn}
# puppet:///files/firewall/${config}
#
# where config is firewall configuration file name
# (iptables or pf.conf).
#
class firewall::custom {
case $operatingsystem {
centos,fedora: {
include firewall::custom::iptables
}
openbsd: {
include firewall::custom::pf
}
default: {
fail("Firewall module not supported in ${operatingsystem}")
}
}
}
# Linux iptables handler.
#
class firewall::iptables {
class firewall::common::iptables {
package { [ "iptables" ]:
ensure => installed,
@ -40,7 +66,6 @@ class firewall::iptables {
file { "/etc/sysconfig/iptables":
ensure => present,
content => template("firewall/iptables.erb"),
mode => 0600,
owner => root,
group => root,
@ -59,13 +84,35 @@ class firewall::iptables {
}
# Linux iptables handler to install default firewall config.
#
class firewall::iptables inherits firewall::common::iptables {
File["/etc/sysconfig/iptables"] {
content => template("firewall/iptables.erb"),
}
}
# Linux iptables handler to install custom firewall config.
#
class firewall::custom::iptables inherits firewall::common::iptables {
File["/etc/sysconfig/iptables"] {
source => [ "puppet:///files/firewall/iptables.${fqdn}",
"puppet:///files/firewall/iptables", ],
}
}
# OpenBSD Packet Filter handler
#
class firewall::pf {
class firewall::common::pf {
file { "/etc/pf.conf":
ensure => present,
content => template("firewall/pf.conf.erb"),
mode => 0600,
owner => root,
group => wheel,
@ -78,3 +125,26 @@ class firewall::pf {
}
}
# OpenBSD Packet Filter handler for default config.
#
class firewall::pf inherits firewall::common::pf {
File["/etc/pf.conf"] {
content => template("firewall/pf.conf.erb"),
}
}
# OpenBSD Packet Filter handler for custom config.
#
class firewall::custom::pf inherits firewall::common::pf {
File["/etc/pf.conf"] {
source => [ "puppet:///files/firewall/pf.conf.${fqdn}",
"puppet:///files/firewall/pf.conf", ],
}
}
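Review bot: `firewall::custom::iptables` and `firewall::custom::pf` install the file from `puppet:///files/firewall/...` verbatim, and nothing in the visible hunks checks its syntax before it replaces the ruleset that the template used to generate; whatever reloads the firewall is outside these hunks. A malformed custom file could therefore end in a failed load or a host without filtering, so the header comment of `firewall::custom` should say how to check a file first, for example `# Validate custom files with "iptables-restore --test" or "pfctl -nf" before publishing them.` The per-host variant is selected by `${fqdn}`, a fact supplied by the agent, and it sits on the shared `files` mount. It is worth confirming in fileserver.conf (not shown here) which nodes may read other hosts' rule sets.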