Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-November/000499.html')
-rw-r--r-- | zarb-ml/mageia-sysadm/2010-November/000499.html | 307 |
1 files changed, 307 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-November/000499.html b/zarb-ml/mageia-sysadm/2010-November/000499.html
new file mode 100644
index 000000000..4eaf14229
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2010-November/000499.html
@@ -0,0 +1,307 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] [242] add shorewall module + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B242%5D%20add%20shorewall%20module&In-Reply-To=%3C20101112203824.B4BCA3FC0F%40valstar.mageia.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000539.html"> + <LINK REL="Next" HREF="000500.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] [242] add shorewall module</H1> + <B>root at mageia.org</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B242%5D%20add%20shorewall%20module&In-Reply-To=%3C20101112203824.B4BCA3FC0F%40valstar.mageia.org%3E" + TITLE="[Mageia-sysadm] [242] add shorewall module">root at mageia.org + </A><BR> + <I>Fri Nov 12 21:38:24 CET 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000539.html">[Mageia-sysadm] [241] Add a module to construct files from fragments. 
+</A></li> + <LI>Next message: <A HREF="000500.html">[Mageia-sysadm] [243] save shorewall config in /etc/shorewall_test for testing +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#499">[ date ]</a> + <a href="thread.html#499">[ thread ]</a> + <a href="subject.html#499">[ subject ]</a> + <a href="author.html#499">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Revision: 242 +Author: boklm +Date: 2010-11-12 21:38:24 +0100 (Fri, 12 Nov 2010) +Log Message: +----------- +add shorewall module + +Added Paths: +----------- + puppet/modules/shorewall/ + puppet/modules/shorewall/files/ + puppet/modules/shorewall/files/footers/ + puppet/modules/shorewall/files/footers/interfaces + puppet/modules/shorewall/files/footers/policy + puppet/modules/shorewall/files/footers/rules + puppet/modules/shorewall/files/footers/zones + puppet/modules/shorewall/files/headers/ + puppet/modules/shorewall/files/headers/interfaces + puppet/modules/shorewall/files/headers/policy + puppet/modules/shorewall/files/headers/rules + puppet/modules/shorewall/files/headers/zones + puppet/modules/shorewall/manifests/ + puppet/modules/shorewall/manifests/init.pp + +Added: puppet/modules/shorewall/files/footers/interfaces +=================================================================== +--- puppet/modules/shorewall/files/footers/interfaces (rev 0) ++++ puppet/modules/shorewall/files/footers/interfaces 2010-11-12 20:38:24 UTC (rev 242) +@@ -0,0 +1 @@ ++#LAST LINE -- DO NOT REMOVE + +Added: puppet/modules/shorewall/files/footers/policy +=================================================================== +--- puppet/modules/shorewall/files/footers/policy (rev 0) ++++ puppet/modules/shorewall/files/footers/policy 2010-11-12 20:38:24 UTC (rev 242) +@@ -0,0 +1 @@ ++#LAST LINE -- DO NOT REMOVE + +Added: puppet/modules/shorewall/files/footers/rules +=================================================================== +--- puppet/modules/shorewall/files/footers/rules (rev 0) ++++ 
puppet/modules/shorewall/files/footers/rules 2010-11-12 20:38:24 UTC (rev 242) +@@ -0,0 +1 @@ ++#LAST LINE -- DO NOT REMOVE + +Added: puppet/modules/shorewall/files/footers/zones +=================================================================== +--- puppet/modules/shorewall/files/footers/zones (rev 0) ++++ puppet/modules/shorewall/files/footers/zones 2010-11-12 20:38:24 UTC (rev 242) +@@ -0,0 +1 @@ ++#LAST LINE -- DO NOT REMOVE + +Added: puppet/modules/shorewall/files/headers/interfaces +=================================================================== +--- puppet/modules/shorewall/files/headers/interfaces (rev 0) ++++ puppet/modules/shorewall/files/headers/interfaces 2010-11-12 20:38:24 UTC (rev 242) +@@ -0,0 +1,10 @@ ++# ++# Shorewall version 4 - Interfaces File ++# ++# For information about entries in this file, type "man shorewall-interfaces" ++# ++# The manpage is also online at ++# <A HREF="http://www.shorewall.net/manpages/shorewall-interfaces.html">http://www.shorewall.net/manpages/shorewall-interfaces.html</A> ++# ++############################################################################### ++#ZONE INTERFACE BROADCAST OPTIONS + +Added: puppet/modules/shorewall/files/headers/policy +=================================================================== +--- puppet/modules/shorewall/files/headers/policy (rev 0) ++++ puppet/modules/shorewall/files/headers/policy 2010-11-12 20:38:24 UTC (rev 242) +@@ -0,0 +1,11 @@ ++# ++# Shorewall version 4 - Policy File ++# ++# For information about entries in this file, type "man shorewall-policy" ++# ++# The manpage is also online at ++# <A HREF="http://www.shorewall.net/manpages/shorewall-policy.html">http://www.shorewall.net/manpages/shorewall-policy.html</A> ++# ++############################################################################### ++#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: ++# LEVEL BURST MASK + +Added: puppet/modules/shorewall/files/headers/rules 
+=================================================================== +--- puppet/modules/shorewall/files/headers/rules (rev 0) ++++ puppet/modules/shorewall/files/headers/rules 2010-11-12 20:38:24 UTC (rev 242) +@@ -0,0 +1,11 @@ ++# ++# Shorewall version 4 - Rules File ++# ++# For information on the settings in this file, type "man shorewall-rules" ++# ++# The manpage is also online at ++# <A HREF="http://www.shorewall.net/manpages/shorewall-rules.html">http://www.shorewall.net/manpages/shorewall-rules.html</A> ++# ++#################################################################################################################################################### ++#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME ++# PORT PORT(S) DEST LIMIT GROUP + +Added: puppet/modules/shorewall/files/headers/zones +=================================================================== +--- puppet/modules/shorewall/files/headers/zones (rev 0) ++++ puppet/modules/shorewall/files/headers/zones 2010-11-12 20:38:24 UTC (rev 242) +@@ -0,0 +1,11 @@ ++# ++# Shorewall version 4 - Zones File ++# ++# For information about this file, type "man shorewall-zones" ++# ++# The manpage is also online at ++# <A HREF="http://www.shorewall.net/manpages/shorewall-zones.html">http://www.shorewall.net/manpages/shorewall-zones.html</A> ++# ++############################################################################### ++#ZONE TYPE OPTIONS IN OUT ++# OPTIONS OPTIONS + +Added: puppet/modules/shorewall/manifests/init.pp +=================================================================== +--- puppet/modules/shorewall/manifests/init.pp (rev 0) ++++ puppet/modules/shorewall/manifests/init.pp 2010-11-12 20:38:24 UTC (rev 242) +@@ -0,0 +1,102 @@ ++class shorewall { ++ include concat::setup ++ ++ define shorewallfile () { ++ $filename = "/etc/shorewall/${name}" ++ $header = "<A HREF="puppet:///modules/shorewall/headers/${name">puppet:///modules/shorewall/headers/${name</A>}" ++ 
$footer = "<A HREF="puppet:///modules/shorewall/footers/${name">puppet:///modules/shorewall/footers/${name</A>}" ++ concat{$filename: ++ owner => root, ++ group => root, ++ mode => 600, ++ } ++ ++ concat::fragment{"${name}_header": ++ target => $filename, ++ order => 1, ++ source => $header, ++ } ++ ++ concat::fragment{"${name}_footer": ++ target => $filename, ++ order => 99, ++ source => $footer, ++ } ++ } ++ ++ ### Rules ++ shorewallfile{ rules: } ++ define rule_line($order = 50) { ++ $filename = "/etc/shorewall/rules" ++ $line = $name ++ concat::fragment{"newline_${name}": ++ target => $filename, ++ order => $order, ++ content => $line, ++ } ++ } ++ class allow_ssh_in { ++ rule_line { "ACCEPT all all tcp 22": ++ order => 5, ++ } ++ } ++ class allow_dns_in { ++ rule_line { "ACCEPT net fw tcp 53" } ++ rule_line { "ACCEPT net fw udp 53" } ++ } ++ class allow_smtp_in { ++ rule_line { "ACCEPT net fw tcp 25" } ++ } ++ class allow_www_in { ++ rule_line { "ACCEPT net fw tcp 80" } ++ } ++ ++ ### Zones ++ shorewallfile{ zones: } ++ define zone_line($order = 50) { ++ $filename = "/etc/shorewall/zones" ++ $line = $name ++ concat::fragment{"newline_${name}": ++ target => $filename, ++ order => $order, ++ content => $line, ++ } ++ } ++ class default_zones { ++ zone_line { "net ipv4": ++ $order => 2, ++ } ++ zone_line { "fw firewall": ++ $order => 3, ++ } ++ } ++ ++ ### Policy ++ shorewallfile{ policy: } ++ define policy_line($order = 50) { ++ $filename = "/etc/shorewall/policy" ++ $line = $name ++ concat::fragment{"newline_${name}": ++ target => $filename, ++ order => $order, ++ content => $line, ++ } ++ } ++ class default_policy { ++ policy_line{ "fw net ACCEPT": ++ $order => 2, ++ } ++ policy_line{ "net all DROP info": ++ $order => 3, ++ } ++ policy_line{ "all all REJECT info": ++ $order => 4, ++ } ++ } ++ ++ class default_firewall() { ++ include default_zones ++ include default_policy ++ include allow_ssh_in ++ } ++} +-------------- next part -------------- +An HTML 
attachment was scrubbed... +URL: </pipermail/mageia-sysadm/attachments/20101112/b0723b5d/attachment.html> +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000539.html">[Mageia-sysadm] [241] Add a module to construct files from fragments. +</A></li> + <LI>Next message: <A HREF="000500.html">[Mageia-sysadm] [243] save shorewall config in /etc/shorewall_test for testing +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#499">[ date ]</a> + <a href="thread.html#499">[ thread ]</a> + <a href="subject.html#499">[ subject ]</a> + <a href="author.html#499">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |
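Review bot: In the `init.pp` quoted inside the `<PRE>` block, the `default_zones` and `default_policy` declarations pass `$order => 2` (and 3, 4), but a resource parameter name is written without the sigil, so each should read `order => 2,`. The `rule_line { "ACCEPT net fw tcp 53" }` declarations in `allow_dns_in`, `allow_smtp_in` and `allow_www_in` also lack the `:` after the title, so the manifest as archived would presumably not parse. The one rule that `default_firewall` does include, `ACCEPT all all tcp 22`, accepts SSH between every pair of zones rather than only towards the firewall, and it widens silently as zones are added; `ACCEPT net fw tcp 22` would match the scope of the other `allow_*_in` classes. Separately, the archiver's auto-linking has split the `puppet:///modules/shorewall/headers/${name}` strings around `</A>`, so the manifest text on this page should not be copied back verbatim.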