diff options
| author | Micah Anderson <micah@riseup.net> | 2016-11-04 10:54:28 -0400 |
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2016-11-04 10:54:28 -0400 |
| commit | 34a381efa8f6295080c843f86bfa07d4e41056af (patch) | |
| tree | 9282cf5d4c876688602705a7fa0002bc4a810bde /puppet/modules/shorewall/manifests/init.pp | |
| parent | 0a72bc6fd292bf9367b314fcb0347c4d35042f16 (diff) | |
| parent | 5821964ff7e16ca7aa9141bd09a77d355db492a9 (diff) | |
Merge branch 'develop'
Diffstat (limited to 'puppet/modules/shorewall/manifests/init.pp')
| m--------- | puppet/modules/shorewall | 0 | ||||
| -rw-r--r-- | puppet/modules/shorewall/manifests/init.pp | 123 |
2 files changed, 123 insertions, 0 deletions
diff --git a/puppet/modules/shorewall b/puppet/modules/shorewall deleted file mode 160000 -Subproject e4a54e30bf2ad7fa45c73cc544e1da4524a287a diff --git a/puppet/modules/shorewall/manifests/init.pp b/puppet/modules/shorewall/manifests/init.pp new file mode 100644 index 00000000..d6b2d2a4 --- /dev/null +++ b/puppet/modules/shorewall/manifests/init.pp @@ -0,0 +1,123 @@ +# Manage shorewall on your system +class shorewall( + $startup = '1', + $conf_source = false, + $ensure_version = 'present', + $tor_transparent_proxy_host = '127.0.0.1', + $tor_transparent_proxy_port = '9040', + $tor_user = $::operatingsystem ? { + 'Debian' => 'debian-tor', + default => 'tor' + }, + $zones = {}, + $zones_defaults = {}, + $interfaces = {}, + $interfaces_defaults = {}, + $hosts = {}, + $hosts_defaults = {}, + $policy = {}, + $policy_defaults = {}, + $rules = {}, + $rules_defaults = {}, + $rulesections = {}, + $rulesections_defaults = {}, + $masq = {}, + $masq_defaults = {}, + $proxyarp = {}, + $proxyarp_defaults = {}, + $nat = {}, + $nat_defaults = {}, + $blacklist = {}, + $blacklist_defaults = {}, + $rfc1918 = {}, + $rfc1918_defaults = {}, + $routestopped = {}, + $routestopped_defaults = {}, + $params = {}, + $params_defaults = {}, + $tcdevices = {}, + $tcdevices_defaults = {}, + $tcrules = {}, + $tcrules_defaults = {}, + $tcclasses = {}, + $tcclasses_defaults = {}, + $tunnels = {}, + $tunnels_defaults = {}, + $rtrules = {}, + $rtrules_defaults = {}, + $daily_check = true, +) { + + case $::operatingsystem { + 'Gentoo': { include ::shorewall::gentoo } + 'Debian','Ubuntu': { include ::shorewall::debian } + 'CentOS': { include ::shorewall::centos } + default: { + notice "unknown operatingsystem: ${::operatingsystem}" + include ::shorewall::base + } + } + + shorewall::managed_file{ + [ + # See http://www.shorewall.net/3.0/Documentation.htm#Zones + 'zones', + # See http://www.shorewall.net/3.0/Documentation.htm#Interfaces + 'interfaces', + # See http://www.shorewall.net/3.0/Documentation.htm#Hosts + 'hosts', + # See http://www.shorewall.net/3.0/Documentation.htm#Policy + 'policy', + # See http://www.shorewall.net/3.0/Documentation.htm#Rules + 'rules', + # See http://www.shorewall.net/3.0/Documentation.htm#Masq + 'masq', + # See http://www.shorewall.net/3.0/Documentation.htm#ProxyArp + 'proxyarp', + # See http://www.shorewall.net/3.0/Documentation.htm#NAT + 'nat', + # See http://www.shorewall.net/3.0/Documentation.htm#Blacklist + 'blacklist', + # See http://www.shorewall.net/3.0/Documentation.htm#rfc1918 + 'rfc1918', + # See http://www.shorewall.net/3.0/Documentation.htm#Routestopped + 'routestopped', + # See http://www.shorewall.net/3.0/Documentation.htm#Variables + 'params', + # See http://www.shorewall.net/3.0/traffic_shaping.htm + 'tcdevices', + # See http://www.shorewall.net/3.0/traffic_shaping.htm + 'tcrules', + # See http://www.shorewall.net/3.0/traffic_shaping.htm + 'tcclasses', + # http://www.shorewall.net/manpages/shorewall-providers.html + 'providers', + # See http://www.shorewall.net/manpages/shorewall-tunnels.html + 'tunnel', + # See http://www.shorewall.net/MultiISP.html + 'rtrules', + # See http://www.shorewall.net/manpages/shorewall-mangle.html + 'mangle', + ]:; + } + + create_resources('shorewall::zone',$zones,$zones_defaults) + create_resources('shorewall::interface',$interfaces,$interfaces_defaults) + create_resources('shorewall::host',$hosts,$hosts_defaults) + create_resources('shorewall::policy',$policy,$policy_defaults) + create_resources('shorewall::rule',$rules,$rules_defaults) + create_resources('shorewall::rule_section',$rulesections,$rulesections_defaults) + create_resources('shorewall::masq',$masq,$masq_defaults) + create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults) + create_resources('shorewall::nat',$nat,$nat_defaults) + create_resources('shorewall::blacklist',$blacklist,$blacklist_defaults) + create_resources('shorewall::rfc1918',$rfc1918,$rfc1918_defaults) + create_resources('shorewall::routestopped',$routestopped, + $routestopped_defaults) + create_resources('shorewall::params',$params,$params_defaults) + create_resources('shorewall::tcdevices',$tcdevices,$tcdevices_defaults) + create_resources('shorewall::tcrules',$tcrules,$tcrules_defaults) + create_resources('shorewall::tcclasses',$tcclasses,$tcclasses_defaults) + create_resources('shorewall::tunnel',$tunnels,$tunnels_defaults) + create_resources('shorewall::rtrules',$rtrules,$rtrules_defaults) +} |