Merge tmakinen/puppet
Conflicts: dovecot/manifests/init.pp libvirt/manifests/init.pp munin/manifests/init.pp puppet/manifests/init.pp tftp/manifests/init.pp
commit
98767cfb2a
45 changed files with 5517 additions and 156 deletions
|
@ -17,6 +17,11 @@
|
|||
#
|
||||
# $firewall_custom = [ "pass in quick carp", ]
|
||||
#
|
||||
# Loading of extra modules is supported on centos. For example FTP
|
||||
# support for iptables:
|
||||
#
|
||||
# $firewall_modules = [ "nf_conntrack_ftp", ]
|
||||
|
||||
class firewall {
|
||||
|
||||
if ! $firewall_custom {
|
||||
|
@ -117,6 +122,14 @@ class firewall::common::iptables {
|
|||
hasrestart => true,
|
||||
require => Package["iptables"],
|
||||
}
|
||||
if $firewall_modules {
|
||||
$firewall_modules_str = inline_template('<%= @firewall_modules.join(" ") -%>')
|
||||
augeas { "iptables-config":
|
||||
context => "/files/etc/sysconfig/iptables-config",
|
||||
changes => [ "set IPTABLES_MODULES '${firewall_modules_str}'" ],
|
||||
notify => Service["iptables"],
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
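Review bot: The new `augeas` resource in `firewall::common::iptables` interpolates `$firewall_modules_str` straight into `set IPTABLES_MODULES '${firewall_modules_str}'`, so the module list is neither validated nor quoted for the file it is written to. /etc/sysconfig/iptables-config is a shell-variables file (presumably sourced by the iptables init script; confirm), so a list with more than one module yields a value containing a space that has to be double-quoted in the file, and an element containing a quote or shell metacharacter would change what that file means. I would check each element against a pattern such as `/^[A-Za-z0-9_-]+$/` before joining and write the value quoted, e.g. `changes => [ "set IPTABLES_MODULES '\"${firewall_modules_str}\"'" ],`. The resource also has no `require => Package["iptables"]`, unlike the resource just above it; the rest of the class is outside the hunk.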
|
|
|
@ -14,7 +14,7 @@
|
|||
<% end -%>
|
||||
-A INPUT -p ipv6-icmp -j ACCEPT
|
||||
<%
|
||||
firewall_rules.each do |rule|
|
||||
@firewall_rules.each do |rule|
|
||||
rule = /(tcp|udp)\/([\d:]+)( .+)?/.match(rule)
|
||||
if not rule[3] or IPAddr.new(rule[3].strip()).ipv6?
|
||||
-%>
|
||||
|
@ -22,7 +22,7 @@
|
|||
<%
|
||||
end
|
||||
end
|
||||
firewall_custom.each do |rule|
|
||||
@firewall_custom.each do |rule|
|
||||
-%>
|
||||
<%= rule %>
|
||||
<% end -%>
|
||||
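Review bot: The `@firewall_rules` loop in this ip6tables template still assumes every entry matches: `/(tcp|udp)\/([\d:]+)( .+)?/.match(rule)` returns nil for a malformed entry, and the following `rule[3]` then fails with a NoMethodError that does not say which rule was wrong. The pattern is also unanchored, so an entry with stray text before the protocol or after the port is accepted and the stray text is silently dropped. Anchoring it as `/\A(tcp|udp)\/([\d:]+)( .+)?\z/` and raising with the offending entry when the match is nil would make a bad rule stop the run with a clear message. The same two lines appear in the IPv4 iptables template and the pf template in this commit; the part of the loop that emits the rule is outside this hunk.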
|
|
|
@ -8,7 +8,7 @@
|
|||
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
-A INPUT -p icmp --icmp-type any -j ACCEPT
|
||||
<%
|
||||
firewall_rules.each do |rule|
|
||||
@firewall_rules.each do |rule|
|
||||
rule = /(tcp|udp)\/([\d:]+)( .+)?/.match(rule)
|
||||
if not rule[3] or IPAddr.new(rule[3].strip()).ipv4?
|
||||
-%>
|
||||
|
@ -16,7 +16,7 @@
|
|||
<%
|
||||
end
|
||||
end
|
||||
firewall_custom.each do |rule|
|
||||
@firewall_custom.each do |rule|
|
||||
-%>
|
||||
<%= rule %>
|
||||
<% end -%>
|
||||
|
|
|
@ -8,10 +8,10 @@ pass out all
|
|||
pass in quick inet proto icmp all
|
||||
pass in quick inet6 proto icmp6 all
|
||||
|
||||
<% firewall_rules.each do |rule| -%>
|
||||
<% @firewall_rules.each do |rule| -%>
|
||||
<% rule = /(tcp|udp)\/([\d:]+)( .+)?/.match(rule) -%>
|
||||
pass in quick proto <%= rule[1] %><% if rule[3] %> from<%= rule[3] %><% end %> to port <%= rule[2] %>
|
||||
<% end -%>
|
||||
<% firewall_custom.each do |rule| -%>
|
||||
<% @firewall_custom.each do |rule| -%>
|
||||
<%= rule %>
|
||||
<% end -%>
|
||||
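Review bot: In this pf template the third capture is written into the ruleset as-is, `from<%= rule[3] %>`, whereas the two iptables templates pass it through `IPAddr.new`, which rejects anything that is not an address. Because the capture is `( .+)`, everything after the first space in a `@firewall_rules` entry becomes part of the `pass in quick` line, whether or not it is an address. If only addresses or networks are meant to be allowed here, the template should validate the value the same way before printing it, for example `IPAddr.new(rule[3].strip)` ahead of the `pass in` line. Free-form rules already have their own path through `@firewall_custom`.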
|
|