author | mh <mh@immerda.ch> | 2015-11-20 23:01:37 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2015-12-05 11:36:31 +0100 |
commit | 77ef3216c06b3c501dd63a8df9a7e5561ffc7992 (patch) | |
tree | acefea45e1631fea5e8ca6a8716003134f6cab40 | |
parent | bbd82b23d8d5d7ef41f05bc6f4afc5ba400a91f4 (diff) |
check shorewall daily on problems to alert if a rule won't compile
-rw-r--r-- | manifests/base.pp | 24 | ||||
-rw-r--r-- | manifests/init.pp | 1 |
2 files changed, 25 insertions, 0 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 41348ef..0cf3dc6 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -50,4 +50,28 @@ class shorewall::base {
 hasrestart => true,
 require => Package['shorewall'],
 }
+
+ file{'/etc/cron.daily/shorewall_check':}
+ if $shorewall::daily_check {
+ File['/etc/cron.daily/shorewall_check']{
+ content => '#!/bin/bash
+
+output=$(shorewall check 2>&1)
+if [ $? -gt 0 ]; then
+ echo "Error while checking firewall!"
+ echo $output
+ exit 1
+fi
+exit 0
+',
+ owner => root,
+ group => 0,
+ mode => '0700',
+ require => Service['shorewall'],
+ }
+ } else {
+ File['/etc/cron.daily/shorewall_check']{
+ ensure => absent,
+ }
+ }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index cfca3c3..27f9c4c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -45,6 +45,7 @@ class shorewall(
 $tunnels_defaults = {},
 $rtrules = {},
 $rtrules_defaults = {},
+ $daily_check = true,
 ) {
 case $::operatingsystem { |
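Review bot: The generated cron script prints the captured report with an unquoted `echo $output`, so the shell word-splits it: the multi-line `shorewall check` output is flattened onto one line and any `*` in it is glob-expanded, which makes the alert mail hard to act on. Quote it as `echo "$output"`; double quotes are safe inside the single-quoted Puppet string, as the preceding `echo "Error while checking firewall!"` already shows. The script also relies on the PATH that cron supplies; if that does not include the directory where `shorewall` is installed, the check fails with "command not found" and raises the same alert, so an explicit `PATH=` line at the top of the script may be worth adding. Separately, `$shorewall::daily_check` is tested as a plain truth value, so a quoted `'false'` passed by a caller would probably still install the job; documenting the parameter as boolean in init.pp would help.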