Age | Commit message (Collapse) | Author |
|
site_shorewall
|
|
shorewall is installed first (#1741)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
site_shorewall::defaults can be used on every host, it configures
a basic firewall, which blocks everything from outside except
ping + ssh, and allows outgoing traffic for http, git, dns.
|
|
|
|
|
|
|
|
|
|
the net zone so we dont lock ourselves out during deploy, but also are able to
access the internet
|
|
|
|
which interface has it (essentially the inverse of the ipaddress_${interface}
fact).
Switch the hiera lookups of the $interface, which was pulling from the .json to
pull instead from the above fact, see #1547 and #1548
|
|
|
|
|
|
from the shorewall-rules manpage:
"If no Section Headers appear in the file then all rules are assumed to be in the NEW section."
|
|
|
|
|
|
|
|
|
|
Conflicts:
puppet/modules/site_shorewall/manifests/eip.pp
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|