authorLebedev Vadim <abraham1901@gmail.com>2014-03-17 02:31:09 +0400
committerMatt Taggart <taggart@riseup.net>2017-02-09 15:02:57 -0800
commitba8d84a98b4193867f3edda7fc3f497fd7edc373 (patch)
treeb00ee64df6ca6520626b0e3c4f36a29a88eef006
parentf35965e0d13c5a20213046f7facbfd609d418545 (diff)
* Add shorewall-blrules support
-rw-r--r--manifests/blrules.pp16
-rw-r--r--templates/blrules.erb15
2 files changed, 31 insertions, 0 deletions
diff --git a/manifests/blrules.pp b/manifests/blrules.pp
new file mode 100644
index 0000000..843a28f
--- /dev/null
+++ b/manifests/blrules.pp
@@ -0,0 +1,16 @@
+class shorewall::blrules (
+ $whitelists,
+ $drops,
+) {
+ file{'/etc/shorewall/puppet/blrules':
+ content => template("shorewall/blrules.erb"),
+ require => Package['shorewall'],
+ notify => Service['shorewall'],
+ owner => root,
+ group => 0,
+ mode => 0644;
+ }
+}
+
+
+
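Review bot: `$whitelists` and `$drops` are accepted with no type check, although the template calls `.each` on both, so a plain string or an unset value would presumably surface only as a template failure during catalog compilation instead of a clear parameter error. If puppetlabs-stdlib is available to this module, a `validate_array($whitelists, $drops)` as the first statement of the class body makes the contract explicit for a file that feeds firewall rules. The mode should also be quoted, `mode => '0644';`, because later Puppet versions require the file mode to be a string. A short header comment stating that each array element is the remainder of one blrules line (source, dest, proto, ...) would tell callers what format is expected.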
diff --git a/templates/blrules.erb b/templates/blrules.erb
new file mode 100644
index 0000000..4c9af79
--- /dev/null
+++ b/templates/blrules.erb
@@ -0,0 +1,15 @@
+#
+# Shorewall version 4.4 - Rule-based Blacklisting
+#
+# For information about entries in this file, type "man shorewall-blrules"
+#
+# Please see http://shorewall.net/blacklisting_support.htm for additional
+# information.
+#
+###############################################################################
+<% @whitelists.each do |value| -%>
+WHITELIST <%= value %>
+<% end -%>
+<% @drops.each do |value| -%>
+REJECT <%= value %>
+<% end -%>
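Review bot: The `@drops` loop writes `REJECT`, not `DROP`, so the parameter name and the generated action disagree; REJECT answers the blacklisted sender while DROP discards silently, and someone filling in `drops` will most likely expect the latter. Either emit `DROP <%= value %>` or rename the parameter, which is declared in manifests/blrules.pp. Each value is also written verbatim, so an entry that contains a line break turns into an additional rule line in the firewall configuration; collapsing line breaks on output, e.g. `WHITELIST <%= value.to_s.gsub(/[\r\n]+/, ' ') %>`, keeps one array element to one rule.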