1 |
class shorewall { |
class shorewall { |
2 |
include concat::setup |
include concat::setup |
3 |
|
|
4 |
|
$shorewalldir = "/etc/shorewall_test" |
5 |
|
|
6 |
define shorewallfile () { |
define shorewallfile () { |
7 |
$filename = "/etc/shorewall/${name}" |
$filename = "${shorewalldir}/${name}" |
8 |
$header = "puppet:///modules/shorewall/headers/${name}" |
$header = "puppet:///modules/shorewall/headers/${name}" |
9 |
$footer = "puppet:///modules/shorewall/footers/${name}" |
$footer = "puppet:///modules/shorewall/footers/${name}" |
10 |
concat{$filename: |
concat{$filename: |
29 |
### Rules |
### Rules |
30 |
shorewallfile{ rules: } |
shorewallfile{ rules: } |
31 |
define rule_line($order = 50) { |
define rule_line($order = 50) { |
32 |
$filename = "/etc/shorewall/rules" |
$filename = "${shorewalldir}/shorewall/rules" |
33 |
$line = $name |
$line = $name |
34 |
concat::fragment{"newline_${name}": |
concat::fragment{"newline_${name}": |
35 |
target => $filename, |
target => $filename, |
43 |
} |
} |
44 |
} |
} |
45 |
class allow_dns_in { |
class allow_dns_in { |
46 |
rule_line { "ACCEPT net fw tcp 53" } |
rule_line { "ACCEPT net fw tcp 53": } |
47 |
rule_line { "ACCEPT net fw udp 53" } |
rule_line { "ACCEPT net fw udp 53": } |
48 |
} |
} |
49 |
class allow_smtp_in { |
class allow_smtp_in { |
50 |
rule_line { "ACCEPT net fw tcp 25" } |
rule_line { "ACCEPT net fw tcp 25": } |
51 |
} |
} |
52 |
class allow_www_in { |
class allow_www_in { |
53 |
rule_line { "ACCEPT net fw tcp 80" } |
rule_line { "ACCEPT net fw tcp 80": } |
54 |
} |
} |
55 |
|
|
56 |
### Zones |
### Zones |
57 |
shorewallfile{ zones: } |
shorewallfile{ zones: } |
58 |
define zone_line($order = 50) { |
define zone_line($order = 50) { |
59 |
$filename = "/etc/shorewall/zones" |
$filename = "${shorewalldir}/shorewall/zones" |
60 |
$line = $name |
$line = $name |
61 |
concat::fragment{"newline_${name}": |
concat::fragment{"newline_${name}": |
62 |
target => $filename, |
target => $filename, |
76 |
### Policy |
### Policy |
77 |
shorewallfile{ policy: } |
shorewallfile{ policy: } |
78 |
define policy_line($order = 50) { |
define policy_line($order = 50) { |
79 |
$filename = "/etc/shorewall/policy" |
$filename = "${shorewalldir}/shorewall/policy" |
80 |
$line = $name |
$line = $name |
81 |
concat::fragment{"newline_${name}": |
concat::fragment{"newline_${name}": |
82 |
target => $filename, |
target => $filename, |
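Review bot: The fragment targets in `rule_line`, `zone_line` and `policy_line` (file lines 32, 59 and 79) do not match the path that `shorewallfile` declares on line 7, assuming the second printing of each changed line is the new side. `shorewallfile` builds `"${shorewalldir}/${name}"`, which gives `/etc/shorewall_test/rules`, while the three defines build `"${shorewalldir}/shorewall/rules"` (and `/zones`, `/policy`), which gives `/etc/shorewall_test/shorewall/rules`. The `concat::fragment` resources would then point at a target that no visible `concat` declares, so the ACCEPT rules, zones and policies may never reach the generated files and the deployed firewall configuration would differ from what the manifest describes. I would write `$filename = "${shorewalldir}/rules"` (likewise `zones` and `policy`), and reference the variable as `${shorewall::shorewalldir}` rather than relying on scope lookup from inside the defines. Please also confirm that `/etc/shorewall_test` on line 4 is meant to be committed, since it looks like a test directory; the bodies of these defines continue outside the visible hunks.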