authormh <mh@immerda.ch>2017-04-25 17:12:59 +0200
committermh <mh@immerda.ch>2017-04-25 17:12:59 +0200
commit1bcdc4ad9340b1468e4bb14e0b7f1ea8bea73c7f (patch)
tree8a2a475df4f85aeabd6788c04db76af8a228f654
parentc2bf7e71d8598dbb05b5dee9f452b6332e9e916e (diff)
manage policies for shorewall6
-rw-r--r--manifests/init.pp4
-rw-r--r--manifests/policy.pp24
-rw-r--r--manifests/policy4.pp22
-rw-r--r--manifests/policy6.pp22
4 files changed, 64 insertions, 8 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 9320944..52de35c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -19,6 +19,8 @@ class shorewall(
$hosts = {},
$hosts_defaults = {},
$policy = {},
+ $policy4 = {},
+ $policy6 = {},
$policy_defaults = {},
$rules = {},
$rules4 = {},
@@ -136,6 +138,8 @@ class shorewall(
create_resources('shorewall::interface',$interfaces,$interfaces_defaults)
create_resources('shorewall::host',$hosts,$hosts_defaults)
create_resources('shorewall::policy',$policy,$policy_defaults)
+ create_resources('shorewall::policy4',$policy4,$policy_defaults)
+ create_resources('shorewall::policy6',$policy6,$policy_defaults)
create_resources('shorewall::rule',$rules,$rules_defaults)
create_resources('shorewall::rule4',$rules4,$rules_defaults)
create_resources('shorewall::rule6',$rules6,$rules_defaults)
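Review bot: `$policy_defaults` is now handed to three defines whose parameter lists differ: after this commit `shorewall::policy` accepts `shorewall` and `shorewall6`, while `shorewall::policy4` and `shorewall::policy6` do not. A defaults hash that sets either key would be rejected as an invalid parameter as soon as `$policy4` or `$policy6` is non-empty, and a catalog that fails to compile means no updated firewall configuration is applied on that run. I would either strip those two keys before the policy4/policy6 calls or add a comment above them, `# policy_defaults is shared by policy, policy4 and policy6: do not set shorewall/shorewall6 here`. The class body continues outside this hunk, so any existing handling of the defaults is not visible here.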
diff --git a/manifests/policy.pp b/manifests/policy.pp
index efee05b..892a3d3 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -1,12 +1,20 @@
+# http://www.shorewall.net/manpages/shorewall-policy.html
+# http://www.shorewall.net/manpages6/shorewall6-policy.html
define shorewall::policy(
- $sourcezone,
- $destinationzone,
- $policy, $shloglevel = '-',
- $limitburst = '-',
- $order
+ $sourcezone,
+ $destinationzone,
+ $policy,
+ $order,
+ $shloglevel = '-',
+ $limitburst = '-',
+ $shorewall = true,
+ $shorewall6 = true,
){
- shorewall::entry{"policy-${order}-${name}":
- line => "# ${name}\n${sourcezone} ${destinationzone} ${policy} ${shloglevel} ${limitburst}",
- }
+ $with_shorewall6 = $shorewall6 and $shorewall::with_shorewall6
+ shorewall::entry{"policy-${order}-${name}":
+ line => "# ${name}\n${sourcezone} ${destinationzone} ${policy} ${shloglevel} ${limitburst}",
+ shorewall => $shorewall,
+ shorewall6 => $with_shorewall6,
+ }
}
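Review bot: The new line `$with_shorewall6 = $shorewall6 and $shorewall::with_shorewall6` reads a variable from class `shorewall`, so the define now depends on that class having been evaluated first; if it has not, the lookup presumably yields undef and the IPv6 side of the policy is dropped without any error. For a firewall policy a silent omission is worse than a compile failure, so I would add a comment above that line, `# needs class shorewall evaluated first; otherwise with_shorewall6 is undef and no shorewall6 entry is written`, and consider failing explicitly when the class is absent. The new `$shorewall` and `$shorewall6` parameters are also undocumented and unchecked. A quoted string such as 'false' coming from a data file is truthy here, so a one-line comment per parameter stating that a real boolean is expected would help.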
diff --git a/manifests/policy4.pp b/manifests/policy4.pp
new file mode 100644
index 0000000..301d9af
--- /dev/null
+++ b/manifests/policy4.pp
@@ -0,0 +1,22 @@
+# http://www.shorewall.net/manpages/shorewall-policy.html
+define shorewall::policy4(
+ $sourcezone,
+ $destinationzone,
+ $policy,
+ $order,
+ $shloglevel = '-',
+ $limitburst = '-',
+){
+ shorewall::policy{
+ $name:
+ sourcezone => $sourcezone,
+ destinationzone => $destinationzone,
+ policy => $policy,
+ order => $order,
+ shloglevel => $shloglevel,
+ limitburst => $limitburst,
+ shorewall => true,
+ shorewall6 => false,
+ }
+}
+
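Review bot: The wrapper declares `shorewall::policy{ $name:` with its own title unchanged, and policy6.pp does the same, so an identical key in `$policy4` and `$policy6` (or in `$policy`) produces a duplicate declaration of the inner `shorewall::policy` resource and the catalog fails to compile. A v4 and a v6 policy for the same zone pair under one name looks like a likely use, so I would make the inner title family-specific, `"${name}-v4":` here and `"${name}-v6":` in policy6.pp. That also changes the `# ${name}` comment and the entry title built from it in policy.pp, which appears harmless but should be checked against existing fragments. Whether the existing rule4/rule6 defines follow the same pattern is not visible in this diff.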
diff --git a/manifests/policy6.pp b/manifests/policy6.pp
new file mode 100644
index 0000000..1a4735f
--- /dev/null
+++ b/manifests/policy6.pp
@@ -0,0 +1,22 @@
+# http://www.shorewall.net/manpages6/shorewall6-policy.html
+define shorewall::policy6(
+ $sourcezone,
+ $destinationzone,
+ $policy,
+ $order,
+ $shloglevel = '-',
+ $limitburst = '-',
+){
+ shorewall::policy{
+ $name:
+ sourcezone => $sourcezone,
+ destinationzone => $destinationzone,
+ policy => $policy,
+ order => $order,
+ shloglevel => $shloglevel,
+ limitburst => $limitburst,
+ shorewall => false,
+ shorewall6 => true,
+ }
+}
+