Merge pull request #5 from abraham1901/master

* Add shorewall-blrules support
author: duritong <peter.meier+github@immerda.ch> 2016-08-03 00:55:47 +0200
committer: GitHub <noreply@github.com> 2016-08-03 00:55:47 +0200
commit: 6d78d6c7b5c7617077260c94d7158b61f430494e (patch)
tree: 05a44f1ae387a2cdee74a11d91af1b4826597292 /manifests/blrules.pp
parent: eaba8159fcfc38dbc72e2476e753b05ea7554d55 (diff)
parent: 3b623df1f88adf2a177829dacae822dec2c3c7d0 (diff)
1 files changed, 35 insertions, 0 deletions
diff --git a/manifests/blrules.pp b/manifests/blrules.pp
new file mode 100644
index 0000000..b8fe73f
--- /dev/null
+++ b/manifests/blrules.pp
@@ -0,0 +1,35 @@
+# Manage blrules. For additional information type "man shorewall-blrules"
+#
+# Sample Usage:
+#
+#  shorewall::interface { 'br0':
+#    zone    => 'net',
+#    rfc1918  => true,
+#    options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
+#  }
+#
+#  class { 'shorewall::blrules':
+#    options         => 'tcpflags,blacklist,nosmurfs,routeback,bridge',
+#    whitelists    =>  [
+#                          "net:10.0.0.1,192.168.0.1 all",
+#                        ],
+#
+#    drops           => [
+#                          'net  all tcp 22', #ssh
+#                       ],
+#  }
+
+
+class shorewall::blrules (
+  $whitelists,
+  $drops,
+) {
+  file{'/etc/shorewall/puppet/blrules':
+    content => template('shorewall/blrules.erb'),
+    require => Package['shorewall'],
+    notify  => Service['shorewall'],
+    owner   => root,
+    group   => 0,
+    mode    => '0644';
+  }
+}
author	duritong <peter.meier+github@immerda.ch>	2016-08-03 00:55:47 +0200
committer	GitHub <noreply@github.com>	2016-08-03 00:55:47 +0200
commit	6d78d6c7b5c7617077260c94d7158b61f430494e (patch)
tree	05a44f1ae387a2cdee74a11d91af1b4826597292 /manifests/blrules.pp
parent	eaba8159fcfc38dbc72e2476e753b05ea7554d55 (diff)
parent	3b623df1f88adf2a177829dacae822dec2c3c7d0 (diff)