author | mh <mh@immerda.ch> | 2017-01-12 11:29:28 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2017-01-12 11:29:28 +0100 |
commit | 53fa57dbd5bd1ea0e8da5aaffe509df7a47d1730 (patch) | |
tree | b8027acdad3a0013033210c6f95ebc2b50d42a0c /manifests | |
parent | 8b20a24773e646a827f5bd9eb6030bfcbf12137d (diff) | |
parent | 6d78d6c7b5c7617077260c94d7158b61f430494e (diff) |
Merge remote-tracking branch 'github/master'
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/blrules.pp | 35 | ||||
-rw-r--r-- | manifests/init.pp | 2 | ||||
-rw-r--r-- | manifests/rule_section.pp | 9 | ||||
-rw-r--r-- | manifests/tunnel.pp | 2 |
4 files changed, 41 insertions, 7 deletions
diff --git a/manifests/blrules.pp b/manifests/blrules.pp
new file mode 100644
index 0000000..b8fe73f
--- /dev/null
+++ b/manifests/blrules.pp
@@ -0,0 +1,35 @@
+# Manage blrules. For additional information type "man shorewall-blrules"
+#
+# Sample Usage:
+#
+# shorewall::interface { 'br0':
+# zone => 'net',
+# rfc1918 => true,
+# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
+# }
+#
+# class { 'shorewall::blrules':
+# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge',
+# whitelists => [
+# "net:10.0.0.1,192.168.0.1 all",
+# ],
+#
+# drops => [
+# 'net all tcp 22', #ssh
+# ],
+# }
+
+
+class shorewall::blrules (
+ $whitelists,
+ $drops,
+) {
+ file{'/etc/shorewall/puppet/blrules':
+ content => template('shorewall/blrules.erb'),
+ require => Package['shorewall'],
+ notify => Service['shorewall'],
+ owner => root,
+ group => 0,
+ mode => '0644';
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index ede0be2..afdc7d7 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -97,7 +97,7 @@ class shorewall(
 # http://www.shorewall.net/manpages/shorewall-providers.html
 'providers',
 # See http://www.shorewall.net/manpages/shorewall-tunnels.html
- 'tunnel',
+ 'tunnels',
 # See http://www.shorewall.net/MultiISP.html
 'rtrules',
 # See http://www.shorewall.net/manpages/shorewall-mangle.html
diff --git a/manifests/rule_section.pp b/manifests/rule_section.pp
index d853f70..08e5708 100644
--- a/manifests/rule_section.pp
+++ b/manifests/rule_section.pp
@@ -2,12 +2,11 @@
 define shorewall::rule_section(
 $order
 ){
- if $::operatingsystem == 'CentOS' and versioncmp($::operatingsystemmajrelease,'6') > 0 {
- $prefix = '?SECTION'
- } else {
- $prefix = 'SECTION'
+ $rule_section_prefix = $shorewall_major_version ? {
+ '5' => '?'
 }
+
 shorewall::entry{"rules-${order}-${name}":
- line => "${prefix} ${name}",
+ line => "${rule_section_prefix}SECTION ${name}",
 }
 }
diff --git a/manifests/tunnel.pp b/manifests/tunnel.pp
index 2cac922..0e645c8 100644
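Review bot: The sample usage in the header comment passes `options => 'tcpflags,blacklist,nosmurfs,routeback,bridge'` to `shorewall::blrules`, but the class declares only `$whitelists` and `$drops`, so a declaration copied from the example would be rejected as an unknown parameter; that line belongs only in the `shorewall::interface` example above it. Both parameters are also mandatory and reach `template('shorewall/blrules.erb')` unchecked (the template is not part of this diff), so a string passed where a list is expected would presumably render a malformed blacklist file that only fails when shorewall reloads. Defaulting them in the signature, `$whitelists = [], $drops = [],`, and, if the module already depends on stdlib, adding `validate_array($whitelists, $drops)` as the first statement would surface a bad declaration at catalog compile time instead.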
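Review bot: The selector assigned to `$rule_section_prefix` in `manifests/rule_section.pp` has a single case, `'5' => '?'`, and no `default`, and a Puppet selector with no matching case fails catalog compilation. On any node where `$shorewall_major_version` is not exactly `'5'` (Shorewall 4, or the value not yet available, for instance before the package is installed if it comes from a fact; where it is set is not visible in this hunk) the firewall catalog would stop applying, leaving the previous rules in place. Adding `default => '',` inside the selector restores the plain `SECTION` line that the removed `else` branch produced. The variable is also referenced unqualified, unlike the `$::operatingsystem` lookups it replaces, so it should be written with its scope once that is confirmed.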
--- a/manifests/tunnel.pp
+++ b/manifests/tunnel.pp
@@ -5,7 +5,7 @@ define shorewall::tunnel(
 $gateway_zones = '',
 $order = '1'
 ) {
- shorewall::entry { "tunnel-${order}-${name}":
+ shorewall::entry { "tunnels-${order}-${name}":
 line => "# ${name}\n${tunnel_type} ${zone} ${gateway} ${gateway_zones}",
 }
 } |