puppet/firewall/manifests/init.pp


# Enable firewall and install defined rules
#
# Rules are read from the variable $firewall_rules, which needs to be an
# array containing the list of opened services, in the format:
#
# <proto>/<port> [source]
#
# for example:
#
# tcp/80 192.168.1.0/24
#
# If the source is left out, the service is opened to all connecting
# hosts.
#
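# Select the platform-specific firewall handler for this node.
#
# Dispatches on the top-scope $::operatingsystem fact. The fact is
# referenced with its explicit top-scope prefix so that a node- or
# class-scope variable of the same name can never redirect the dispatch.
#
# Compilation fails on any other operating system, so an unsupported host
# never ends up silently without a firewall.
class firewall {
  case $::operatingsystem {
    'centos', 'fedora': {
      include firewall::iptables
    }
    'openbsd': {
      include firewall::pf
    }
    default: {
      fail("Firewall module not supported in ${::operatingsystem}")
    }
  }
}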
# Linux iptables handler.
#
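# Linux iptables handler.
#
# Installs the iptables package, renders the ruleset from
# firewall/iptables.erb into /etc/sysconfig/iptables and keeps the
# iptables service running. A change to the rendered ruleset restarts the
# service so the new rules take effect immediately. The template takes its
# rules from $firewall_rules, as described at the top of this file.
#
# The ruleset file is readable only by root: it lists which hosts and
# ports are allowed, which is not something every local user should see.
class firewall::iptables {
  package { 'iptables':
    ensure => installed,
  }

  # ensure => file (rather than present) guarantees the path is a regular
  # file; 'present' would also be satisfied by a directory or symlink that
  # the content could not be written into.
  file { '/etc/sysconfig/iptables':
    ensure  => file,
    content => template('firewall/iptables.erb'),
    mode    => '0600',
    owner   => 'root',
    group   => 'root',
    require => Package['iptables'],
    notify  => Service['iptables'],
  }

  # hasstatus/hasrestart: the init script supports "status" and "restart",
  # so Puppet uses those instead of guessing from the process table.
  service { 'iptables':
    ensure     => running,
    enable     => true,
    hasstatus  => true,
    hasrestart => true,
    require    => Package['iptables'],
  }
}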
# OpenBSD Packet Filter handler
#
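# OpenBSD Packet Filter handler.
#
# Renders /etc/pf.conf from firewall/pf.conf.erb (rules come from
# $firewall_rules, see the top of this file) and reloads the ruleset with
# pfctl whenever the file changes. The reload exec runs only on refresh,
# so an unchanged ruleset is never reloaded on every Puppet run.
#
# NOTE(review): this class does not enable pf itself at boot; it assumes
# pf is already enabled on the host -- confirm before relying on it.
class firewall::pf {
  # ensure => file (rather than present) guarantees the path is a regular
  # file; 'present' would also be satisfied by a directory or symlink.
  # Root-only mode: the ruleset reveals which hosts and ports are allowed.
  file { '/etc/pf.conf':
    ensure  => file,
    content => template('firewall/pf.conf.erb'),
    mode    => '0600',
    owner   => 'root',
    group   => 'wheel',
    notify  => Exec['pfctl -f /etc/pf.conf'],
  }

  # The resource title doubles as the command. If the rendered file is
  # invalid the reload fails and is reported as a failed refresh; the file
  # on disk has already been replaced at that point.
  exec { 'pfctl -f /etc/pf.conf':
    path        => '/bin:/usr/bin:/sbin:/usr/sbin',
    refreshonly => true,
  }
}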