
Contents of /puppet/modules/shorewall/manifests/init.pp



Revision 245 - (show annotations) (download)
Fri Nov 12 20:46:15 2010 UTC (13 years, 10 months ago) by boklm
File size: 2168 byte(s)
fix syntax
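# Class: shorewall
#
# Assembles Shorewall configuration files (rules, zones, policy) from
# concat fragments. Each file is built from a header and a footer shipped
# by the module plus one fragment per rule/zone/policy line declared
# through the rule_line, zone_line and policy_line defines.
#
# Files are written below $shorewalldir, which is "/etc/shorewall_test"
# here and not /etc/shorewall.
# NOTE(review): presumably a staging path; confirm that Shorewall is
# actually pointed at this directory before relying on these rules.
class shorewall {
  include concat::setup

  $shorewalldir = "/etc/shorewall_test"

  # Declares the assembled file ${shorewalldir}/${name} together with its
  # header (order 1) and footer (order 99) fragments, so that every line
  # fragment with an order in between lands inside the file body.
  define shorewallfile () {
    # Qualified lookup: the define may be evaluated from a scope that
    # does not see the unqualified class variable.
    $filename = "${shorewall::shorewalldir}/${name}"
    $header = "puppet:///modules/shorewall/headers/${name}"
    $footer = "puppet:///modules/shorewall/footers/${name}"
    concat { $filename:
      owner => root,
      group => root,
      # Firewall configuration: readable and writable by root only.
      # Quoted so the value is always treated as an octal mode string.
      mode  => '0600',
    }

    concat::fragment { "${name}_header":
      target => $filename,
      order  => 1,
      source => $header,
    }

    concat::fragment { "${name}_footer":
      target => $filename,
      order  => 99,
      source => $footer,
    }
  }

  ### Rules
  shorewallfile { rules: }

  # Adds one line to the rules file. The resource title is the literal
  # rule text; $order positions it between header and footer.
  # NOTE: rule_line, zone_line and policy_line all title their fragment
  # "newline_${name}", so the same text declared for two different files
  # would be a duplicate resource.
  define rule_line($order = 50) {
    # Must match the path declared by shorewallfile{ rules: }, i.e.
    # ${shorewalldir}/rules; a different target has no concat resource
    # behind it and the line would never reach the file.
    $filename = "${shorewall::shorewalldir}/rules"
    $line = $name
    concat::fragment { "newline_${name}":
      target  => $filename,
      order   => $order,
      # Terminate the line, otherwise consecutive fragments are joined
      # into a single line in the assembled file.
      content => "${line}\n",
    }
  }

  # NOTE(review): this rule is "all all", i.e. SSH from every zone to
  # every zone, while the other allow_*_in classes restrict to
  # "net fw". Confirm that the wider scope is intended.
  class allow_ssh_in {
    rule_line { "ACCEPT all all tcp 22":
      order => 5,
    }
  }

  # DNS from the net zone to the firewall, TCP and UDP.
  class allow_dns_in {
    rule_line { "ACCEPT net fw tcp 53": }
    rule_line { "ACCEPT net fw udp 53": }
  }

  # SMTP from the net zone to the firewall.
  class allow_smtp_in {
    rule_line { "ACCEPT net fw tcp 25": }
  }

  # HTTP from the net zone to the firewall.
  class allow_www_in {
    rule_line { "ACCEPT net fw tcp 80": }
  }

  ### Zones
  shorewallfile { zones: }

  # Adds one line to the zones file; same contract as rule_line.
  define zone_line($order = 50) {
    $filename = "${shorewall::shorewalldir}/zones"
    $line = $name
    concat::fragment { "newline_${name}":
      target  => $filename,
      order   => $order,
      content => "${line}\n",
    }
  }

  # Declares the two zones used by the rules and policies of this class.
  class default_zones {
    # Attribute names take no "$" sigil in a resource declaration.
    zone_line { "net ipv4":
      order => 2,
    }
    zone_line { "fw firewall":
      order => 3,
    }
  }

  ### Policy
  shorewallfile { policy: }

  # Adds one line to the policy file; same contract as rule_line.
  define policy_line($order = 50) {
    $filename = "${shorewall::shorewalldir}/policy"
    $line = $name
    concat::fragment { "newline_${name}":
      target  => $filename,
      order   => $order,
      content => "${line}\n",
    }
  }

  # Default policies. The explicit orders keep the catch-all
  # "all all REJECT" entry after the more specific ones.
  class default_policy {
    policy_line { "fw net ACCEPT":
      order => 2,
    }
    policy_line { "net all DROP info":
      order => 3,
    }
    policy_line { "all all REJECT info":
      order => 4,
    }
  }

  # Baseline firewall: default zones, default policies and inbound SSH.
  class default_firewall() {
    include default_zones
    include default_policy
    include allow_ssh_in
  }
}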
