authorMicah Anderson <micah@riseup.net>2017-06-23 10:50:25 -0400
committerMicah Anderson <micah@riseup.net>2017-06-23 10:50:25 -0400
commit65c3fe2d6084a50e5b0e189d982afe4cbde3f14b (patch)
treee3c1c3683407ba493b90e28af2ddf6ecbe766873 /manifests
parente0248f504ada8efb5184f43cbaf61097ce1ddd65 (diff)
parent837fd3f29f09727d5a20514d7549837b8d8b4997 (diff)
Merge branch 'master' into puppet4
Diffstat (limited to 'manifests')
-rw-r--r--manifests/base.pp4
-rw-r--r--manifests/blacklist.pp9
-rw-r--r--manifests/blrules.pp5
-rw-r--r--manifests/host.pp5
-rw-r--r--manifests/init.pp48
-rw-r--r--manifests/interface.pp10
-rw-r--r--manifests/rfc1918.pp8
-rw-r--r--manifests/stoppedrules.pp13
8 files changed, 42 insertions, 60 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 22ef555..57f1685 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -1,9 +1,7 @@
# base things for shorewall
class shorewall::base {
- package { 'shorewall':
- ensure => $shorewall::ensure_version,
- }
+ ensure_packages({ 'shorewall' => { ensure => $shorewall::ensure_version }})
# This file has to be managed in place, so shorewall can find it
file {
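Review bot: `ensure_packages` is a puppetlabs-stdlib function, so this line makes the module depend on stdlib at compile time, and nothing in the visible diff (which is limited to manifests/) shows that dependency being declared; confirm it is listed in the module metadata. The reason for the switch is not stated either, so a short comment would help, e.g. `# ensure_packages (stdlib): tolerate another module declaring the shorewall package with the same parameters`, assuming that is the intent. The class body continues outside the hunk.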
diff --git a/manifests/blacklist.pp b/manifests/blacklist.pp
deleted file mode 100644
index afbe216..0000000
--- a/manifests/blacklist.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-define shorewall::blacklist(
- $proto = '-',
- $port = '-',
- $order='100'
-){
- shorewall::entry{"blacklist-${order}-${name}":
- line => "${name} ${proto} ${port}",
- }
-}
diff --git a/manifests/blrules.pp b/manifests/blrules.pp
index b8fe73f..abf7508 100644
--- a/manifests/blrules.pp
+++ b/manifests/blrules.pp
@@ -4,12 +4,11 @@
#
# shorewall::interface { 'br0':
# zone => 'net',
-# rfc1918 => true,
-# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
+# options => 'tcpflags,nosmurfs,routeback,bridge';
# }
#
# class { 'shorewall::blrules':
-# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge',
+# options => 'tcpflags,nosmurfs,routeback,bridge',
# whitelists => [
# "net:10.0.0.1,192.168.0.1 all",
# ],
diff --git a/manifests/host.pp b/manifests/host.pp
index d2a73ce..2a088ac 100644
--- a/manifests/host.pp
+++ b/manifests/host.pp
@@ -1,8 +1,7 @@
define shorewall::host(
$zone,
- $host = $name,
- $options = 'tcpflags,blacklist,norfc1918',
- $order ='100'
+ $options = 'tcpflags',
+ $order='100'
){
shorewall::entry{"hosts-${order}-${name}":
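Review bot: Dropping `$host` from the parameter list makes any existing declaration that passes `host =>` fail to compile, and the body of the define continues outside the hunk, so it is not visible whether its `line =>` was switched from `${host}` to `${name}`. That needs checking, because an unset variable there would produce a malformed hosts entry. If the removal is intended, say so above the define, e.g. `# The resource title is used as the host specification; the former $host parameter was removed.`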
diff --git a/manifests/init.pp b/manifests/init.pp
index aac1520..9cbc1e9 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -31,12 +31,10 @@ class shorewall(
$proxyarp_defaults = {},
$nat = {},
$nat_defaults = {},
- $blacklist = {},
- $blacklist_defaults = {},
- $rfc1918 = {},
- $rfc1918_defaults = {},
$routestopped = {},
$routestopped_defaults = {},
+ $stoppedrules = {},
+ $stoppedrules_defaults = {},
$params = {},
$params_defaults = {},
$tcdevices = {},
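Review bot: With `$blacklist`, `$blacklist_defaults`, `$rfc1918` and `$rfc1918_defaults` gone from the class signature, data still supplied through Hiera under those keys is never looked up, so a node can lose its blacklist entries without any compile error (a resource-style declaration that passes them fails loudly instead). Consider keeping the parameters for one release and failing explicitly when they are set, e.g. `if !empty($blacklist) { fail('shorewall::blacklist was removed, migrate the entries to blrules') }`. The new `$stoppedrules` and `$stoppedrules_defaults` parameters carry no documentation in this hunk; the class header and body are outside it.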
@@ -64,41 +62,39 @@ class shorewall(
shorewall::managed_file{
[
- # See http://www.shorewall.net/3.0/Documentation.htm#Zones
+ # See http://www.shorewall.net/manpages/shorewall-zones.html
'zones',
- # See http://www.shorewall.net/3.0/Documentation.htm#Interfaces
+ # See http://www.shorewall.net/manpages/shorewall-interfaces.html
'interfaces',
- # See http://www.shorewall.net/3.0/Documentation.htm#Hosts
+ # See http://www.shorewall.net/manpages/shorewall-hosts.html
'hosts',
- # See http://www.shorewall.net/3.0/Documentation.htm#Policy
+ # See http://www.shorewall.net/manpages/shorewall-policy.html
'policy',
- # See http://www.shorewall.net/3.0/Documentation.htm#Rules
+ # See http://www.shorewall.net/manpages/shorewall-rules.html
'rules',
- # See http://www.shorewall.net/3.0/Documentation.htm#Masq
+ # See http://www.shorewall.net/manpages/shorewall-masq.html
'masq',
- # See http://www.shorewall.net/3.0/Documentation.htm#ProxyArp
+ # See http://www.shorewall.net/manpages/shorewall-proxyarp.html
'proxyarp',
- # See http://www.shorewall.net/3.0/Documentation.htm#NAT
+ # See http://www.shorewall.net/manpages/shorewall-nat.html
'nat',
- # See http://www.shorewall.net/3.0/Documentation.htm#Blacklist
- 'blacklist',
- # See http://www.shorewall.net/3.0/Documentation.htm#rfc1918
- 'rfc1918',
- # See http://www.shorewall.net/3.0/Documentation.htm#Routestopped
+ # See http://www.shorewall.net/manpages/shorewall-stoppedrules.html
+ 'stoppedrules',
+ # Deprecated http://www.shorewall.net/4.2/manpages/shorewall-routestopped.html
'routestopped',
- # See http://www.shorewall.net/3.0/Documentation.htm#Variables
+ # See http://www.shorewall.net/manpages/shorewall-params.html
'params',
- # See http://www.shorewall.net/3.0/traffic_shaping.htm
+ # See http://www.shorewall.net/manpages/shorewall-tcdevices.html
'tcdevices',
- # See http://www.shorewall.net/3.0/traffic_shaping.htm
+ # Deprecated http://www.shorewall.net/4.6/manpages/shorewall-tcrules.htmle
'tcrules',
- # See http://www.shorewall.net/3.0/traffic_shaping.htm
+ # See http://www.shorewall.net/manpages/shorewall-tcclasses.html
'tcclasses',
- # http://www.shorewall.net/manpages/shorewall-providers.html
+ # See http://www.shorewall.net/manpages/shorewall-providers.html
'providers',
# See http://www.shorewall.net/manpages/shorewall-tunnels.html
- 'tunnels',
- # See http://www.shorewall.net/MultiISP.html
+ 'tunnel',
+ # See http://www.shorewall.net/manpages/shorewall-rtrules.html
'rtrules',
# See http://shorewall.net/manpages/shorewall-conntrack.html
'conntrack',
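Review bot: The managed file is renamed from `'tunnels'` to `'tunnel'` while the comment above it still points at the shorewall-tunnels manpage; unless `shorewall::managed_file` maps the title to a different path on disk (not visible here), this looks like a typo that would leave the real `tunnels` file unmanaged. The tcrules URL added in this hunk ends in `.htmle`, which should be `.html`. Since `'blacklist'` and `'rfc1918'` are dropped from the list, it is also worth checking that files generated by earlier runs are removed rather than left behind in the Shorewall configuration directory.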
@@ -116,8 +112,8 @@ class shorewall(
create_resources('shorewall::masq',$masq,$masq_defaults)
create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
create_resources('shorewall::nat',$nat,$nat_defaults)
- create_resources('shorewall::blacklist',$blacklist,$blacklist_defaults)
- create_resources('shorewall::rfc1918',$rfc1918,$rfc1918_defaults)
+ create_resources('shorewall::stoppedrules',$stoppedrules,
+ $stoppedrules_defaults)
create_resources('shorewall::routestopped',$routestopped,
$routestopped_defaults)
create_resources('shorewall::params',$params,$params_defaults)
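Review bot: `shorewall::stoppedrules` is now created alongside `shorewall::routestopped`, which this commit itself marks as deprecated, and nothing here stops a node from populating both. Which file Shorewall honours when both have entries likely depends on the installed version, so the traffic allowed while the firewall is stopped may not match what either hash describes. A comment before the two calls would help, e.g. `# routestopped is deprecated; populate stoppedrules or routestopped, not both`. The class body continues outside the hunk.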
diff --git a/manifests/interface.pp b/manifests/interface.pp
index 403ee74..670e477 100644
--- a/manifests/interface.pp
+++ b/manifests/interface.pp
@@ -1,9 +1,8 @@
define shorewall::interface(
$zone,
$broadcast = 'detect',
- $options = 'tcpflags,blacklist,routefilter,nosmurfs,logmartians',
+ $options = 'tcpflags,routefilter,nosmurfs,logmartians',
$add_options = '',
- $rfc1918 = false,
$dhcp = false,
$order = 100
){
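Review bot: Interfaces declared with the defaults used to get `blacklist` in `$options` and `,norfc1918` appended (because `$rfc1918` defaulted to false); after this hunk and the following one in the same file they get neither, and the `$options` default in manifests/host.pp loses the same two options. The removal is presumably needed because newer Shorewall releases no longer accept those options, but the commit shows no replacement for that filtering, so nodes relying on the defaults end up with a less restrictive interfaces file without any signal. A comment on the define should state the migration, e.g. `# blacklist and norfc1918 are no longer emitted; use shorewall::blrules and explicit rules for RFC 1918 sources`.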
@@ -17,13 +16,8 @@ define shorewall::interface(
default => ',dhcp',
}
- $rfc1918_opt = $rfc1918 ? {
- false => ',norfc1918',
- default => '',
- }
-
shorewall::entry { "interfaces-${order}-${name}":
- line => "${zone} ${name} ${broadcast} ${options}${dhcp_opt}${rfc1918_opt}${added_opts}",
+ line => "${zone} ${name} ${broadcast} ${options}${dhcp_opt}${added_opts}",
}
}
diff --git a/manifests/rfc1918.pp b/manifests/rfc1918.pp
deleted file mode 100644
index 31dce5d..0000000
--- a/manifests/rfc1918.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-define shorewall::rfc1918(
- $action = 'logdrop',
- $order='100'
-){
- shorewall::entry{"rfc1918-${order}-${name}":
- line => "${name} ${action}"
- }
-}
diff --git a/manifests/stoppedrules.pp b/manifests/stoppedrules.pp
new file mode 100644
index 0000000..2dff218
--- /dev/null
+++ b/manifests/stoppedrules.pp
@@ -0,0 +1,13 @@
+define shorewall::stoppedrules(
+ $action = 'ACCEPT',
+ $source = '-',
+ $destination = '-',
+ $proto = '-',
+ $destinationport = '-',
+ $sourceport = '-',
+ $order = '100'
+){
+ shorewall::entry{"stoppedrules-${order}-${name}":
+ line => "${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport}"
+ }
+}
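Review bot: All columns default to `-` and `$action` defaults to `ACCEPT`, so a declaration that sets nothing renders `ACCEPT - - - - -`, which as far as I can tell accepts all traffic while the firewall is stopped; a fail-open default is risky for this file. Make the scope explicit by dropping the defaults, `$source,` and `$destination,`, so callers must state what is allowed. The values are also interpolated into `line` unchecked, so on this puppet4 branch typed parameters (e.g. `Pattern[/\A\S+\z/] $source`) would stop whitespace or newlines from adding columns or lines. The define has no header comment describing the columns.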