
Annotation of /puppet/modules/shorewall/manifests/init.pp



Revision 253 - (hide annotations) (download)
Fri Nov 12 22:36:51 2010 UTC (9 years, 11 months ago) by boklm
File size: 2104 byte(s)
don't use a variable for shorewall dir (not working)
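# Assembles the Shorewall "rules", "zones" and "policy" files from concat
# fragments and provides small classes that contribute the default lines.
class shorewall {
    include concat::setup

    # Declares one concat-managed file named after the resource title and
    # wraps it in the header and footer shipped under this module's
    # headers/ and footers/ directories.
    #
    # NOTE(review): the target directory is hard-coded to /tmp/shorewall
    # here and again in rule_line, zone_line and policy_line; the four
    # copies must be kept in sync. /tmp is world-writable and nothing
    # visible in this manifest creates /tmp/shorewall or fixes its
    # ownership, so confirm the directory is root-owned (or move the files
    # to a root-only location) before the output feeds a live firewall.
    define shorewallfile () {
        $filename = "/tmp/shorewall/${name}"
        $header   = "puppet:///modules/shorewall/headers/${name}"
        $footer   = "puppet:///modules/shorewall/footers/${name}"

        concat { $filename:
            owner => 'root',
            group => 'root',
            # Quoted four-digit octal string: a bare 600 is read as a
            # number by newer Puppet parsers, the string form is
            # unambiguous and keeps the file readable by root only.
            mode  => '0600',
        }

        # order 1 / order 99 keep the header first and the footer last
        # around fragments that use the default order of 50.
        concat::fragment { "${name}_header":
            target => $filename,
            order  => 1,
            source => $header,
        }

        concat::fragment { "${name}_footer":
            target => $filename,
            order  => 99,
            source => $footer,
        }
    }

    ### Rules
    shorewallfile { 'rules': }

    # Appends the resource title, followed by a newline, to the rules file.
    #
    # NOTE(review): rule_line, zone_line and policy_line all title their
    # fragment "newline_${name}", so the same text used in two of these
    # files would be a duplicate resource declaration.
    define rule_line($order = 50) {
        $filename = "/tmp/shorewall/rules"
        $line     = "${name}\n"

        concat::fragment { "newline_${name}":
            target  => $filename,
            order   => $order,
            content => $line,
        }
    }

    # Accepts inbound SSH (tcp/22), placed at order 5, ahead of rules that
    # use the default order.
    #
    # NOTE(review): source and destination are both "all", which is wider
    # than the net -> fw scope used by the other allow_* classes; confirm
    # that breadth is intended.
    class allow_ssh_in {
        rule_line { "ACCEPT all all tcp 22":
            order => 5,
        }
    }

    # Accepts DNS over tcp and udp port 53 from net to the firewall.
    class allow_dns_in {
        rule_line { "ACCEPT net fw tcp 53": }
        rule_line { "ACCEPT net fw udp 53": }
    }

    # Accepts SMTP (tcp/25) from net to the firewall.
    class allow_smtp_in {
        rule_line { "ACCEPT net fw tcp 25": }
    }

    # Accepts HTTP (tcp/80) from net to the firewall.
    class allow_www_in {
        rule_line { "ACCEPT net fw tcp 80": }
    }

    ### Zones
    shorewallfile { 'zones': }

    # Appends the resource title, followed by a newline, to the zones file.
    define zone_line($order = 50) {
        $filename = "/tmp/shorewall/zones"
        $line     = "${name}\n"

        concat::fragment { "newline_${name}":
            target  => $filename,
            order   => $order,
            content => $line,
        }
    }

    # Declares the two zones the default rules and policies refer to:
    # "net" (ipv4) and "fw" (the firewall itself).
    class default_zones {
        zone_line { "net ipv4":
            order => 2,
        }
        zone_line { "fw firewall":
            order => 3,
        }
    }

    ### Policy
    shorewallfile { 'policy': }

    # Appends the resource title, followed by a newline, to the policy file.
    define policy_line($order = 50) {
        $filename = "/tmp/shorewall/policy"
        $line     = "${name}\n"

        concat::fragment { "newline_${name}":
            target  => $filename,
            order   => $order,
            content => $line,
        }
    }

    # Default policies, written in this order (2, 3, 4): traffic from the
    # firewall to net is accepted, anything from net is dropped and logged
    # at "info", and every remaining zone pair is rejected and logged.
    # The catch-all REJECT has to stay last so the narrower lines above it
    # are matched first.
    class default_policy {
        policy_line { "fw net ACCEPT":
            order => 2,
        }
        policy_line { "net all DROP info":
            order => 3,
        }
        policy_line { "all all REJECT info":
            order => 4,
        }
    }

    # Baseline firewall: the default zones and policies plus inbound SSH.
    class default_firewall {
        include default_zones
        include default_policy
        include allow_ssh_in
    }
}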
