-rw-r--r--modules/shorewall/manifests/init.pp128
1 files changed, 64 insertions, 64 deletions
diff --git a/modules/shorewall/manifests/init.pp b/modules/shorewall/manifests/init.pp
index 7c8e1f55..daea6b2c 100644
--- a/modules/shorewall/manifests/init.pp
+++ b/modules/shorewall/manifests/init.pp
@@ -2,101 +2,101 @@ class shorewall {
include concat::setup
define shorewallfile () {
- $filename = "/tmp/shorewall/${name}"
- $header = "puppet:///modules/shorewall/headers/${name}"
- $footer = "puppet:///modules/shorewall/footers/${name}"
- concat{$filename:
- owner => root,
- group => root,
- mode => 600,
- }
+ $filename = "/tmp/shorewall/${name}"
+ $header = "puppet:///modules/shorewall/headers/${name}"
+ $footer = "puppet:///modules/shorewall/footers/${name}"
+ concat{$filename:
+ owner => root,
+ group => root,
+ mode => '0600',
+ }
- concat::fragment{"${name}_header":
- target => $filename,
- order => 1,
- source => $header,
- }
+ concat::fragment{"${name}_header":
+ target => $filename,
+ order => 1,
+ source => $header,
+ }
- concat::fragment{"${name}_footer":
- target => $filename,
- order => 99,
- source => $footer,
- }
+ concat::fragment{"${name}_footer":
+ target => $filename,
+ order => 99,
+ source => $footer,
+ }
}
### Rules
shorewallfile{ rules: }
define rule_line($order = 50) {
- $filename = "/tmp/shorewall/rules"
- $line = "${name}\n"
- concat::fragment{"newline_${name}":
- target => $filename,
- order => $order,
- content => $line,
- }
+ $filename = "/tmp/shorewall/rules"
+ $line = "${name}\n"
+ concat::fragment{"newline_${name}":
+ target => $filename,
+ order => $order,
+ content => $line,
+ }
}
class allow_ssh_in {
- rule_line { "ACCEPT all all tcp 22":
- order => 5,
- }
+ rule_line { "ACCEPT all all tcp 22":
+ order => 5,
+ }
}
class allow_dns_in {
- rule_line { "ACCEPT net fw tcp 53": }
- rule_line { "ACCEPT net fw udp 53": }
+ rule_line { "ACCEPT net fw tcp 53": }
+ rule_line { "ACCEPT net fw udp 53": }
}
class allow_smtp_in {
- rule_line { "ACCEPT net fw tcp 25": }
+ rule_line { "ACCEPT net fw tcp 25": }
}
class allow_www_in {
- rule_line { "ACCEPT net fw tcp 80": }
+ rule_line { "ACCEPT net fw tcp 80": }
}
### Zones
shorewallfile{ zones: }
define zone_line($order = 50) {
- $filename = "/tmp/shorewall/zones"
- $line = "${name}\n"
- concat::fragment{"newline_${name}":
- target => $filename,
- order => $order,
- content => $line,
- }
+ $filename = "/tmp/shorewall/zones"
+ $line = "${name}\n"
+ concat::fragment{"newline_${name}":
+ target => $filename,
+ order => $order,
+ content => $line,
+ }
}
class default_zones {
- zone_line { "net ipv4":
- order => 2,
- }
- zone_line { "fw firewall":
- order => 3,
- }
+ zone_line { "net ipv4":
+ order => 2,
+ }
+ zone_line { "fw firewall":
+ order => 3,
+ }
}
### Policy
shorewallfile{ policy: }
define policy_line($order = 50) {
- $filename = "/tmp/shorewall/policy"
- $line = "${name}\n"
- concat::fragment{"newline_${name}":
- target => $filename,
- order => $order,
- content => $line,
- }
+ $filename = "/tmp/shorewall/policy"
+ $line = "${name}\n"
+ concat::fragment{"newline_${name}":
+ target => $filename,
+ order => $order,
+ content => $line,
+ }
}
class default_policy {
- policy_line{ "fw net ACCEPT":
- order => 2,
- }
- policy_line{ "net all DROP info":
- order => 3,
- }
- policy_line{ "all all REJECT info":
- order => 4,
- }
+ policy_line{ "fw net ACCEPT":
+ order => 2,
+ }
+ policy_line{ "net all DROP info":
+ order => 3,
+ }
+ policy_line{ "all all REJECT info":
+ order => 4,
+ }
}
class default_firewall {
- include default_zones
- include default_policy
- include allow_ssh_in
+ include default_zones
+ include default_policy
+ include allow_ssh_in
}
}
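Review bot: The generated firewall files are still assembled under `/tmp/shorewall/` (the `$filename` assignments in `shorewallfile`, `rule_line`, `zone_line` and `policy_line`), and nothing visible in this hunk manages that directory. `/tmp` is world-writable, so unless the directory is created root-owned elsewhere, a local user could pre-create it or place a symlink there before the first Puppet run; the quoted `mode => '0600'` protects only the file itself. I would either declare it explicitly, e.g. `file { '/tmp/shorewall': ensure => directory, owner => root, group => root, mode => '0700' }`, or build the files in a root-only location. Separately, `ACCEPT all all tcp 22` in `allow_ssh_in` matches every source and destination zone, which is broader than the `net fw` form used by the neighbouring rules; if only inbound SSH to the firewall host is intended, a comment stating why `all all` is needed would help.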