Fri Nov 12 22:33:33 2010 UTC (13 years, 5 months ago) by boklm
File size: 2144 byte(s)
use shorewall for shorewall directory
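# Builds the Shorewall configuration files (rules, zones, policy) out of
# concat fragments, so that other classes can contribute single lines to
# each file.  Every file is assembled as
#   header fragment (order 01) + contributed lines + footer fragment (order 99)
# with the header/footer text served from
# modules/shorewall/headers/<name> and modules/shorewall/footers/<name>.
class shorewall {
    include concat::setup

    # Directory the assembled files are written to.
    #
    # Firewall policy must never be staged under a world-writable location
    # such as /tmp: any local user could pre-create the directory (or a
    # symlink in its place) and have their own rules picked up, or read the
    # generated policy.  /etc/shorewall is the directory shorewall reads
    # its configuration from (assumes the upstream default; adjust if your
    # distribution relocates it).
    $shorewalldir = "/etc/shorewall"

    # Manage the directory itself so it exists, is root-owned and is not
    # writable by anyone else before the concat targets are written into it.
    file { $shorewalldir:
        ensure => directory,
        owner  => root,
        group  => root,
        mode   => '0755',
    }

    # Assembles ${shorewalldir}/${name} from a header fragment, whatever
    # *_line fragments were contributed for that file, and a footer
    # fragment.  The result is root-only (0600): it is firewall policy and
    # other users have no reason to read it.
    define shorewallfile () {
        $filename = "${shorewalldir}/${name}"
        $header   = "puppet:///modules/shorewall/headers/${name}"
        $footer   = "puppet:///modules/shorewall/footers/${name}"

        concat { $filename:
            owner   => root,
            group   => root,
            mode    => '0600',
            # the target cannot be written before its directory exists
            require => File[$shorewalldir],
        }

        # Orders are kept two digits wide because concat orders fragment
        # files by name; "5_x" would otherwise sort after "50_y".
        concat::fragment { "${name}_header":
            target => $filename,
            order  => '01',
            source => $header,
        }

        concat::fragment { "${name}_footer":
            target => $filename,
            order  => '99',
            source => $footer,
        }
    }

    ### Rules  (columns: ACTION SOURCE DEST PROTO DEST-PORT)
    shorewallfile { rules: }

    # Adds one literal line ($name) to ${shorewalldir}/rules.
    # $order places the line between the header ('01') and footer ('99');
    # pass it zero-padded to two digits so fragments sort as intended.
    # The fragment title is prefixed per file so the same text contributed
    # to two different files does not produce a duplicate resource.
    define rule_line($order = '50') {
        $filename = "${shorewalldir}/rules"
        concat::fragment { "rules_${name}":
            target  => $filename,
            order   => $order,
            content => "${name}\n",
        }
    }

    class allow_ssh_in {
        # NOTE(review): "all all" accepts SSH between every pair of zones,
        # not just net -> fw like the other allow_*_in classes below.  If
        # only inbound administrative access is intended, narrow this to
        # "ACCEPT net fw tcp 22".
        rule_line { "ACCEPT all all tcp 22":
            order => '05',
        }
    }

    class allow_dns_in {
        rule_line { "ACCEPT net fw tcp 53": }
        rule_line { "ACCEPT net fw udp 53": }
    }

    class allow_smtp_in {
        rule_line { "ACCEPT net fw tcp 25": }
    }

    class allow_www_in {
        rule_line { "ACCEPT net fw tcp 80": }
    }

    ### Zones  (columns: ZONE TYPE)
    shorewallfile { zones: }

    # Adds one literal line ($name) to ${shorewalldir}/zones.
    # Same ordering and title conventions as rule_line.
    define zone_line($order = '50') {
        $filename = "${shorewalldir}/zones"
        concat::fragment { "zones_${name}":
            target  => $filename,
            order   => $order,
            content => "${name}\n",
        }
    }

    # The two zones every host needs: the outside world and the host itself.
    class default_zones {
        zone_line { "net ipv4":
            order => '02',
        }
        zone_line { "fw firewall":
            order => '03',
        }
    }

    ### Policy  (columns: SOURCE DEST POLICY LOG-LEVEL)
    shorewallfile { policy: }

    # Adds one literal line ($name) to ${shorewalldir}/policy.
    # Same ordering and title conventions as rule_line.
    define policy_line($order = '50') {
        $filename = "${shorewalldir}/policy"
        concat::fragment { "policy_${name}":
            target  => $filename,
            order   => $order,
            content => "${name}\n",
        }
    }

    # Default-deny policy: the host may open connections outward, anything
    # unsolicited from net is silently dropped (and logged at "info"), and
    # every remaining case is rejected (and logged).  Policies are matched
    # top to bottom, hence the explicit orders.
    class default_policy {
        policy_line { "fw net ACCEPT":
            order => '02',
        }
        policy_line { "net all DROP info":
            order => '03',
        }
        policy_line { "all all REJECT info":
            order => '04',
        }
    }

    # Convenience bundle: default zones + default-deny policy + SSH access.
    class default_firewall {
        include default_zones
        include default_policy
        include allow_ssh_in
    }
}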
