===================================================================
--- puppet/modules/shorewall/files/footers/interfaces (rev 0)
+++ puppet/modules/shorewall/files/footers/interfaces 2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1 @@
+#LAST LINE -- DO NOT REMOVE
===================================================================
--- puppet/modules/shorewall/files/footers/policy (rev 0)
+++ puppet/modules/shorewall/files/footers/policy 2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1 @@
+#LAST LINE -- DO NOT REMOVE
===================================================================
--- puppet/modules/shorewall/files/footers/rules (rev 0)
+++ puppet/modules/shorewall/files/footers/rules 2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1 @@
+#LAST LINE -- DO NOT REMOVE
===================================================================
--- puppet/modules/shorewall/files/footers/zones (rev 0)
+++ puppet/modules/shorewall/files/footers/zones 2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1 @@
+#LAST LINE -- DO NOT REMOVE
===================================================================
--- puppet/modules/shorewall/files/headers/interfaces (rev 0)
+++ puppet/modules/shorewall/files/headers/interfaces 2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1,10 @@
+#
+# Shorewall version 4 - Interfaces File
+#
+# For information about entries in this file, type "man shorewall-interfaces"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-interfaces.html
+#
+###############################################################################
+#ZONE INTERFACE BROADCAST OPTIONS
===================================================================
--- puppet/modules/shorewall/files/headers/policy (rev 0)
+++ puppet/modules/shorewall/files/headers/policy 2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - Policy File
+#
+# For information about entries in this file, type "man shorewall-policy"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-policy.html
+#
+###############################################################################
+#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
+# LEVEL BURST MASK
===================================================================
--- puppet/modules/shorewall/files/headers/rules (rev 0)
+++ puppet/modules/shorewall/files/headers/rules 2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - Rules File
+#
+# For information on the settings in this file, type "man shorewall-rules"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-rules.html
+#
+####################################################################################################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
+# PORT PORT(S) DEST LIMIT GROUP
===================================================================
--- puppet/modules/shorewall/files/headers/zones (rev 0)
+++ puppet/modules/shorewall/files/headers/zones 2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - Zones File
+#
+# For information about this file, type "man shorewall-zones"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-zones.html
+#
+###############################################################################
+#ZONE TYPE OPTIONS IN OUT
+# OPTIONS OPTIONS
Added: puppet/modules/shorewall/manifests/init.pp
===================================================================
--- puppet/modules/shorewall/manifests/init.pp (rev 0)
+++ puppet/modules/shorewall/manifests/init.pp 2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1,102 @@
+class shorewall {
+ include concat::setup
+
+ define shorewallfile () {
+ $filename = "/etc/shorewall/${name}"
+ $header = "puppet:///modules/shorewall/headers/${name}"
+ $footer = "puppet:///modules/shorewall/footers/${name}"
+ concat{$filename:
+ owner => root,
+ group => root,
+ mode => 600,
+ }
+
+ concat::fragment{"${name}_header":
+ target => $filename,
+ order => 1,
+ source => $header,
+ }
+
+ concat::fragment{"${name}_footer":
+ target => $filename,
+ order => 99,
+ source => $footer,
+ }
+ }
+
+ ### Rules
+ shorewallfile{ rules: }
+ define rule_line($order = 50) {
+ $filename = "/etc/shorewall/rules"
+ $line = $name
+ concat::fragment{"newline_${name}":
+ target => $filename,
+ order => $order,
+ content => $line,
+ }
+ }
+ class allow_ssh_in {
+ rule_line { "ACCEPT all all tcp 22":
+ order => 5,
+ }
+ }
+ class allow_dns_in {
+ rule_line { "ACCEPT net fw tcp 53" }
+ rule_line { "ACCEPT net fw udp 53" }
+ }
+ class allow_smtp_in {
+ rule_line { "ACCEPT net fw tcp 25" }
+ }
+ class allow_www_in {
+ rule_line { "ACCEPT net fw tcp 80" }
+ }
+
+ ### Zones
+ shorewallfile{ zones: }
+ define zone_line($order = 50) {
+ $filename = "/etc/shorewall/zones"
+ $line = $name
+ concat::fragment{"newline_${name}":
+ target => $filename,
+ order => $order,
+ content => $line,
+ }
+ }
+ class default_zones {
+ zone_line { "net ipv4":
+ $order => 2,
+ }
+ zone_line { "fw firewall":
+ $order => 3,
+ }
+ }
+
+ ### Policy
+ shorewallfile{ policy: }
+ define policy_line($order = 50) {
+ $filename = "/etc/shorewall/policy"
+ $line = $name
+ concat::fragment{"newline_${name}":
+ target => $filename,
+ order => $order,
+ content => $line,
+ }
+ }
+ class default_policy {
+ policy_line{ "fw net ACCEPT":
+ $order => 2,
+ }
+ policy_line{ "net all DROP info":
+ $order => 3,
+ }
+ policy_line{ "all all REJECT info":
+ $order => 4,
+ }
+ }
+
+ class default_firewall() {
+ include default_zones
+ include default_policy
+ include allow_ssh_in
+ }
+}
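Review bot: The zone_line and policy_line declarations in default_zones and default_policy (lines 151, 154, 171, 174, 177) pass `$order => 2` with a sigil on the attribute name, which is not valid Puppet attribute syntax — compare the correct form `order => 5,` in allow_ssh_in — so these classes will either fail to compile or silently lose their ordering; each should read `order => N,`. The content handed to concat::fragment in rule_line, zone_line and policy_line is the bare `$name` with no trailing newline, so adjacent fragments risk being joined onto one line unless the concat module in use appends one; `content => "${line}\n",` avoids depending on that. Separately, `ACCEPT all all tcp 22` in allow_ssh_in opens SSH between every zone pair, which is broader than the `net fw` source/destination the other allow_* classes use; if the intent is only inbound administrative access, `ACCEPT net fw tcp 22` matches the rest of the file and the `net all DROP info` policy.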