
Contents of /puppet/modules/shorewall/manifests/init.pp



Revision 251 - (show annotations) (download)
Fri Nov 12 22:29:49 2010 UTC (9 years, 6 months ago) by boklm
File size: 2104 byte(s)
add newlines at end of added lines
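# Assembles Shorewall configuration files (rules, zones, policy) out of
# concat fragments. Each file gets a header and a footer fragment taken from
# this module's file server paths; the individual lines are contributed by
# the rule_line / zone_line / policy_line defines below.
#
# NOTE(review): rule_line, zone_line and policy_line all title their fragment
# "newline_${name}", so the same line text declared for two different files
# would be a duplicate concat::fragment resource.
class shorewall {
    include concat::setup

    # Declares one generated file named after the resource title, with a
    # header fragment (order 1) and a footer fragment (order 99).
    define shorewallfile () {
        # NOTE(review): the files are generated under /tmp/shorewall and this
        # manifest does not manage that directory. /tmp is normally
        # world-writable, so whoever creates /tmp/shorewall first controls
        # what can be placed in it; confirm this is only a staging path
        # before anything consumes these files as firewall configuration.
        $filename = "/tmp/shorewall/${name}"
        $header = "puppet:///modules/shorewall/headers/${name}"
        $footer = "puppet:///modules/shorewall/footers/${name}"
        concat{$filename:
            owner => root,
            group => root,
            # Quoted octal string: a bare 600 is a number, which newer Puppet
            # releases no longer accept as a file mode.
            mode  => '0600',
        }

        concat::fragment{"${name}_header":
            target => $filename,
            order  => 1,
            source => $header,
        }

        concat::fragment{"${name}_footer":
            target => $filename,
            order  => 99,
            source => $footer,
        }
    }

    ### Rules
    shorewallfile{ rules: }

    # Adds one line to the rules file. The resource title is the line itself
    # (ACTION SOURCE DEST PROTO PORT); $order positions it between the header
    # and the footer.
    define rule_line($order = 50) {
        $filename = "/tmp/shorewall/rules"
        $line = "${name}\n"
        concat::fragment{"newline_${name}":
            target  => $filename,
            order   => $order,
            content => $line,
        }
    }

    # Accepts inbound SSH.
    # NOTE(review): this is the only rule written as "all all"; the other
    # allow_* classes use "net fw". "all all" matches every source/destination
    # zone pair, so it is wider than "SSH to the firewall host". Confirm that
    # is intended before more zones are added.
    # NOTE(review): order 5 is presumably meant to sort ahead of the default
    # 50; whether it does depends on how the concat module compares order
    # values - confirm.
    class allow_ssh_in {
        rule_line { "ACCEPT all all tcp 22":
            order => 5,
        }
    }

    # Accepts DNS (tcp and udp port 53) from the net zone to the firewall.
    class allow_dns_in {
        rule_line { "ACCEPT net fw tcp 53": }
        rule_line { "ACCEPT net fw udp 53": }
    }

    # Accepts SMTP (tcp port 25) from the net zone to the firewall.
    class allow_smtp_in {
        rule_line { "ACCEPT net fw tcp 25": }
    }

    # Accepts HTTP (tcp port 80) from the net zone to the firewall.
    class allow_www_in {
        rule_line { "ACCEPT net fw tcp 80": }
    }

    ### Zones
    shorewallfile{ zones: }

    # Adds one line (ZONE TYPE) to the zones file; the title is the line.
    define zone_line($order = 50) {
        $filename = "/tmp/shorewall/zones"
        $line = "${name}\n"
        concat::fragment{"newline_${name}":
            target  => $filename,
            order   => $order,
            content => $line,
        }
    }

    # Declares the two zones the default policy refers to: "net" (ipv4) and
    # "fw" (the firewall itself).
    class default_zones {
        zone_line { "net ipv4":
            order => 2,
        }
        zone_line { "fw firewall":
            order => 3,
        }
    }

    ### Policy
    shorewallfile{ policy: }

    # Adds one line (SOURCE DEST POLICY [LOGLEVEL]) to the policy file; the
    # title is the line.
    define policy_line($order = 50) {
        $filename = "/tmp/shorewall/policy"
        $line = "${name}\n"
        concat::fragment{"newline_${name}":
            target  => $filename,
            order   => $order,
            content => $line,
        }
    }

    # Default policy, in file order: traffic from the firewall to net is
    # accepted, traffic from net is dropped and logged at "info", and
    # everything else is rejected and logged at "info". The catch-all
    # "all all" line carries the highest order of the three so that it comes
    # last.
    class default_policy {
        policy_line{ "fw net ACCEPT":
            order => 2,
        }
        policy_line{ "net all DROP info":
            order => 3,
        }
        policy_line{ "all all REJECT info":
            order => 4,
        }
    }

    # Baseline firewall: default zones, default policy, and inbound SSH.
    class default_firewall {
        include default_zones
        include default_policy
        include allow_ssh_in
    }
}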
