summaryrefslogtreecommitdiff
path: root/puppet/modules/site_shorewall
AgeCommit message (Collapse)Author
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-02-26missed another require => Package['shorewall'] on the file resources in ↵Micah Anderson
site_shorewall
2013-02-12missed one require => Package['shorewall'] on of the file resources in ↵Micah Anderson
site_shorewall
2013-02-12file resources that make changes to shorewall need to make sure that ↵Micah Anderson
shorewall is installed first (#1741)
2013-02-12fixed shorewall is blocking api port (Bug #1735)varac
2013-02-11duplicate shortwall service definitions now inclduded from services/*varac
2013-02-09site_shorewall::monitor: allow port 80 + 443varac
2013-02-06allow outgoing traffic moved to site_shorewall::defaultsvarac
2013-02-06allow port 80 to tor servervarac
2013-02-06configure shorewall for couchdb, tor, webappvarac
2013-02-06allow all outgoing trafficvarac
2013-02-06Restructuring site_shorewallvarac
site_shorewall::defaults can be used on every host, it configures a basic firewall, which blocks everything from outside except ping + ssh, and allows outgoing traffic for http, git, dns.
2013-01-30start shorewall on vagrant nodes too (#1467)varac
2013-01-29fix variable name for re-ordered factMicah Anderson
2013-01-29setup special casing for vagrant/virtualboxMicah Anderson
2013-01-29fix variable scopingMicah Anderson
2013-01-29create a special case for vagrant machines that need to have both interfaces inMicah Anderson
the net zone so we dont lock ourselves out during deploy, but also are able to access the internet
2013-01-29enclose the variables in curly braces, as recommended by puppet-lintMicah Anderson
2013-01-29add a new fact that provides a fact for each configured ip address, telling youMicah Anderson
which interface has it (essentially the inverse of the ipaddress_${interface} fact). Switch the hiera lookups of the $interface, which was pulling from the .json to pull instead from the above fact, see #1547 and #1548
2013-01-29start shorewall on deploy (fixes #1122)varac
2013-01-17require the augeas class before doing any augeas operations (#1215)Micah Anderson
2012-12-14no need for sections in shorewall rulesvarac
from the shorewall-rules manpage: "If no Section Headers appear in the file then all rules are assumed to be in the NEW section."
2012-12-04set ip_forwarding using augeasMicah Anderson
2012-11-21move site_config::eip to site_openvpn (Feature #943)varac
2012-11-06duplicate definition after mergevarac
2012-11-06fixed unseen merge conflictsvarac
2012-11-06Merge branch 'feature/couchdb' into developvarac
Conflicts: puppet/modules/site_shorewall/manifests/eip.pp
2012-11-02accept all outgoing traffic on eip gwvarac
2012-10-30add dnat rule to redirect other ports to port 1194varac
2012-10-30start shorewall by defaultvarac
2012-10-29differentiate masq definition namesvarac
2012-10-29configure tcp+udp masqueradingvarac
2012-10-29configure tcp masqueradingvarac
2012-10-29pass ssh_port to shorewallvarac
2012-10-29put in double quotesvarac
2012-10-29move interface definition for eth0 to eip.pp, use variablevarac
2012-10-29lintedvarac
2012-10-25replace hardcoded interface eth0 with hiera variablevarac
2012-10-09shorewall: need to sprecify protocolvarac
2012-10-09shorewall: made rules more precise, use own macrovarac
2012-10-08no virtual IFs in shorewallvarac
2012-10-08Support for the norfc1918 interface option has been removed from Shorewallvarac
2012-10-08cleaned eip.pp, added second main ifvarac
2012-10-08cleaned defaults.ppvarac
2012-10-08shorewall: reorder policyvarac
2012-10-08shorewall: allow git access forvarac
2012-10-08shorewall: allow git access forvarac
2012-10-08shorewall: policy: accept eip2allvarac
2012-10-08shorewall: add empty source for masqvarac