Added support for custom rules in firewall module.

Timo Mkinen 2009-09-14 20:39:24 +03:00
parent d86de74c53
commit fec0f3bc73
2 changed files with 6 additions and 0 deletions


@ -11,6 +11,9 @@
<% rule = /(tcp|udp)\/(\d+)( .+)?/.match(rule) -%> <% rule = /(tcp|udp)\/(\d+)( .+)?/.match(rule) -%>
-A INPUT<% if rule[1] == "tcp" %> -m state --state NEW<% end %> -m <%= rule[1] %> -p <%= rule[1] %><% if rule[3] %> -s<%= rule[3] %><% end %> --dport <%= rule[2] %> -j ACCEPT -A INPUT<% if rule[1] == "tcp" %> -m state --state NEW<% end %> -m <%= rule[1] %> -p <%= rule[1] %><% if rule[3] %> -s<%= rule[3] %><% end %> --dport <%= rule[2] %> -j ACCEPT
<% end -%> <% end -%>
<% firewall_custom.each do |rule| -%>
<%= rule %>
<% end -%>
-A INPUT -p tcp -j REJECT --reject-with tcp-reset -A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-port-unreachable -A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited
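Review bot: Each `firewall_custom` entry is written into the ruleset verbatim by `<%= rule %>`, whereas the generated rules above are assembled from matched fields, so a malformed or multi-line entry reaches the loaded ruleset unchecked; the identical loop added to the pf template has the same issue. Because whoever sets this variable controls the host firewall, it is worth rejecting entries that contain newlines and documenting the expected format with a template comment such as `<%# firewall_custom: array of complete rule lines, emitted as-is before the final REJECT rules -%>`. Placement also matters: the custom rules come after the generated ACCEPT rules (and after the `pass in quick` rules in pf), so they can open further access but cannot narrow a port that was already accepted. The commit touches only the two templates, so unless `firewall_custom` gets a default elsewhere, nodes that do not set it will presumably fail template evaluation; a default in the manifest would avoid that.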


@ -15,5 +15,8 @@ pass in quick inet6 proto icmp6 all
<% rule = /(tcp|udp)\/(\d+)( .+)?/.match(rule) -%> <% rule = /(tcp|udp)\/(\d+)( .+)?/.match(rule) -%>
pass in quick proto <%= rule[1] %><% if rule[3] %> from<%= rule[3] %><% end %> to port <%= rule[2] %> pass in quick proto <%= rule[1] %><% if rule[3] %> from<%= rule[3] %><% end %> to port <%= rule[2] %>
<% end -%> <% end -%>
<% firewall_custom.each do |rule| -%>
<%= rule %>
<% end -%>
pass out quick all pass out quick all