summaryrefslogtreecommitdiff
path: root/puppet/modules/site_shorewall
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_shorewall')
-rw-r--r--puppet/modules/site_shorewall/manifests/defaults.pp7
-rw-r--r--puppet/modules/site_shorewall/manifests/eip.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/ip_forward.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/mx.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/obfsproxy.pp2
-rw-r--r--puppet/modules/site_shorewall/manifests/service/webapp_api.pp2
-rw-r--r--puppet/modules/site_shorewall/manifests/soledad.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/sshd.pp2
-rw-r--r--puppet/modules/site_shorewall/manifests/stunnel/server.pp2
-rw-r--r--puppet/modules/site_shorewall/manifests/tor.pp2
10 files changed, 17 insertions, 12 deletions
diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp
index ceb17868..725e0880 100644
--- a/puppet/modules/site_shorewall/manifests/defaults.pp
+++ b/puppet/modules/site_shorewall/manifests/defaults.pp
@@ -1,3 +1,4 @@
+# Configure basic firewall rules for shorewall
class site_shorewall::defaults {
include shorewall
@@ -55,7 +56,7 @@ class site_shorewall::defaults {
mode => '0644',
source => 'puppet:///modules/site_shorewall/Debian/shorewall.service',
require => Package['shorewall'],
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
} ~>
Exec['systemctl-daemon-reload']
@@ -66,14 +67,14 @@ class site_shorewall::defaults {
lens => 'Shellvars.lns',
incl => '/etc/shorewall/shorewall.conf',
require => Package['shorewall'],
- notify => Service['shorewall'];
+ notify => Exec['shorewall_check'];
# require that the interface exist
'shorewall_REQUIRE_INTERFACE':
changes => 'set /files/etc/shorewall/shorewall.conf/REQUIRE_INTERFACE Yes',
lens => 'Shellvars.lns',
incl => '/etc/shorewall/shorewall.conf',
require => Package['shorewall'],
- notify => Service['shorewall'];
+ notify => Exec['shorewall_check'];
# configure shorewall-init
'shorewall-init':
changes => 'set /files/etc/default/shorewall-init/PRODUCTS shorewall',
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 8fbba658..21934761 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -1,3 +1,4 @@
+# Configure shorewall on eip/vpn nodes
class site_shorewall::eip {
include site_shorewall::defaults
@@ -9,7 +10,7 @@ class site_shorewall::eip {
content => "PARAM - - tcp 1194
PARAM - - udp 1194
",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/ip_forward.pp b/puppet/modules/site_shorewall/manifests/ip_forward.pp
index d53ee8a5..beb1f055 100644
--- a/puppet/modules/site_shorewall/manifests/ip_forward.pp
+++ b/puppet/modules/site_shorewall/manifests/ip_forward.pp
@@ -1,10 +1,11 @@
+# Configure ip forwarding for shorewall
class site_shorewall::ip_forward {
include augeas
augeas { 'enable_ip_forwarding':
changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING Yes',
lens => 'Shellvars.lns',
incl => '/etc/shorewall/shorewall.conf',
- notify => Service[shorewall],
+ notify => Exec['shorewall_check'],
require => [ Class[augeas], Package[shorewall] ];
}
}
diff --git a/puppet/modules/site_shorewall/manifests/mx.pp b/puppet/modules/site_shorewall/manifests/mx.pp
index 332f164e..2500668f 100644
--- a/puppet/modules/site_shorewall/manifests/mx.pp
+++ b/puppet/modules/site_shorewall/manifests/mx.pp
@@ -1,3 +1,4 @@
+# Configure leap-mx shorewall rules
class site_shorewall::mx {
include site_shorewall::defaults
@@ -7,7 +8,7 @@ class site_shorewall::mx {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_mx':
content => "PARAM - - tcp ${smtpd_ports} ",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/obfsproxy.pp b/puppet/modules/site_shorewall/manifests/obfsproxy.pp
index 75846705..3c82dc40 100644
--- a/puppet/modules/site_shorewall/manifests/obfsproxy.pp
+++ b/puppet/modules/site_shorewall/manifests/obfsproxy.pp
@@ -10,7 +10,7 @@ class site_shorewall::obfsproxy {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_obfsproxy':
content => "PARAM - - tcp ${scram_port} ",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
index d3a1aeed..e3ae4200 100644
--- a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
+++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
@@ -7,7 +7,7 @@ class site_shorewall::service::webapp_api {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_webapp_api':
content => "PARAM - - tcp ${api_port} ",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/soledad.pp b/puppet/modules/site_shorewall/manifests/soledad.pp
index 518d8689..5bee07af 100644
--- a/puppet/modules/site_shorewall/manifests/soledad.pp
+++ b/puppet/modules/site_shorewall/manifests/soledad.pp
@@ -1,3 +1,4 @@
+# Setup soledad server
class site_shorewall::soledad {
$soledad = hiera('soledad')
@@ -8,7 +9,7 @@ class site_shorewall::soledad {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_soledad':
content => "PARAM - - tcp ${soledad_port}",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/sshd.pp b/puppet/modules/site_shorewall/manifests/sshd.pp
index e2332592..ba129002 100644
--- a/puppet/modules/site_shorewall/manifests/sshd.pp
+++ b/puppet/modules/site_shorewall/manifests/sshd.pp
@@ -9,7 +9,7 @@ class site_shorewall::sshd {
# define macro for incoming sshd
file { '/etc/shorewall/macro.leap_sshd':
content => "PARAM - - tcp ${ssh_port}",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/stunnel/server.pp b/puppet/modules/site_shorewall/manifests/stunnel/server.pp
index 798cd631..dae4142a 100644
--- a/puppet/modules/site_shorewall/manifests/stunnel/server.pp
+++ b/puppet/modules/site_shorewall/manifests/stunnel/server.pp
@@ -8,7 +8,7 @@ define site_shorewall::stunnel::server($port) {
file { "/etc/shorewall/macro.stunnel_server_${name}":
content => "PARAM - - tcp ${port}",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}
shorewall::rule {
diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp
index 324b4844..f4d5ed92 100644
--- a/puppet/modules/site_shorewall/manifests/tor.pp
+++ b/puppet/modules/site_shorewall/manifests/tor.pp
@@ -9,7 +9,7 @@ class site_shorewall::tor {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_tor':
content => "PARAM - - tcp ${tor_port} ",
- notify => Service['shorewall'],
+ notify => Exec['shorewall_check'],
require => Package['shorewall']
}