diff options
author | Lebedev Vadim <abraham1901@gmail.com> | 2016-04-29 13:05:55 +0300 |
---|---|---|
committer | Lebedev Vadim <abraham1901@gmail.com> | 2016-04-29 13:05:55 +0300 |
commit | ef445bc9b9482f5e6efa7f18fdc79efc60fccb5c (patch) | |
tree | 8cb787458aab582df8372ce4579de6d9d19a5699 /manifests | |
parent | 79503b830d17af99427c69eb64c2e21a7c36485f (diff) | |
parent | eaba8159fcfc38dbc72e2476e753b05ea7554d55 (diff) |
Merge branch 'master' of https://github.com/duritong/puppet-shorewall
Conflicts:
manifests/debian.pp
manifests/managed_file.pp
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/base.pp | 24 | ||||
-rw-r--r-- | manifests/debian.pp | 2 | ||||
-rw-r--r-- | manifests/init.pp | 71 | ||||
-rw-r--r-- | manifests/managed_file.pp | 2 | ||||
-rw-r--r-- | manifests/rules/jabberserver.pp | 41 | ||||
-rw-r--r-- | manifests/tunnel.pp | 2 | ||||
-rw-r--r-- | manifests/ubuntu/karmic.pp | 5 |
7 files changed, 101 insertions, 46 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 4ee8747..12b8c34 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -10,14 +10,14 @@ class shorewall::base { '/etc/shorewall/shorewall.conf': require => Package[shorewall], notify => Service[shorewall], - owner => root, - group => 0, + owner => 'root', + group => 'root', mode => '0644'; '/etc/shorewall/puppet': ensure => directory, require => Package[shorewall], - owner => root, - group => 0, + owner => 'root', + group => 'root', mode => '0644'; } @@ -27,15 +27,13 @@ class shorewall::base { } } else { - require augeas - - augeas { 'shorewall_module_config_path': - changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'', - lens => 'Shellvars.lns', - incl => '/etc/shorewall/shorewall.conf', - notify => Service['shorewall'], - require => Package['shorewall']; - } + augeas { 'shorewall_module_config_path': + changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'', + lens => 'Shellvars.lns', + incl => '/etc/shorewall/shorewall.conf', + notify => Service['shorewall'], + require => Package['shorewall']; + } } service{'shorewall': diff --git a/manifests/debian.pp b/manifests/debian.pp index c439871..01d108f 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -3,7 +3,7 @@ class shorewall::debian inherits shorewall::base { content => template("shorewall/debian_default.erb"), require => Package['shorewall'], notify => Service['shorewall'], - owner => root, group => '0', mode => '0644'; + owner => 'root', group => 'root', mode => '0644'; } Service['shorewall']{ status => '/sbin/shorewall status' diff --git a/manifests/init.pp b/manifests/init.pp index cd6488b..5966bed 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -8,22 +8,49 @@ class shorewall( $tor_user = $::operatingsystem ? { 'Debian' => 'debian-tor', default => 'tor' - } + }, + $zones = {}, + $zones_defaults = {}, + $interfaces = {}, + $interfaces_defaults = {}, + $hosts = {}, + $hosts_defaults = {}, + $policy = {}, + $policy_defaults = {}, + $rules = {}, + $rules_defaults = {}, + $rulesections = {}, + $rulesections_defaults = {}, + $masq = {}, + $masq_defaults = {}, + $proxyarp = {}, + $proxyarp_defaults = {}, + $nat = {}, + $nat_defaults = {}, + $blacklist = {}, + $blacklist_defaults = {}, + $rfc1918 = {}, + $rfc1918_defaults = {}, + $routestopped = {}, + $routestopped_defaults = {}, + $params = {}, + $params_defaults = {}, + $tcdevices = {}, + $tcdevices_defaults = {}, + $tcrules = {}, + $tcrules_defaults = {}, + $tcclasses = {}, + $tcclasses_defaults = {}, + $tunnels = {}, + $tunnels_defaults = {}, + $rtrules = {}, + $rtrules_defaults = {}, ) { case $::operatingsystem { gentoo: { include shorewall::gentoo } - debian: { - include shorewall::debian - $dist_tor_user = 'debian-tor' - } + debian,ubuntu: { include shorewall::debian } centos: { include shorewall::centos } - ubuntu: { - case $::lsbdistcodename { - karmic: { include shorewall::ubuntu::karmic } - default: { include shorewall::debian } - } - } default: { notice "unknown operatingsystem: ${::operatingsystem}" include shorewall::base @@ -65,9 +92,29 @@ class shorewall( # http://www.shorewall.net/manpages/shorewall-providers.html 'providers', # See http://www.shorewall.net/manpages/shorewall-tunnels.html - 'tunnel', + 'tunnels', # See http://www.shorewall.net/MultiISP.html 'rtrules', ]:; } + + create_resources('shorewall::zone',$zones,$zones_defaults) + create_resources('shorewall::interface',$interfaces,$interfaces_defaults) + create_resources('shorewall::host',$hosts,$hosts_defaults) + create_resources('shorewall::policy',$policy,$policy_defaults) + create_resources('shorewall::rule',$rules,$rules_defaults) + create_resources('shorewall::rule_section',$rulesections,$rulesections_defaults) + create_resources('shorewall::masq',$masq,$masq_defaults) + create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults) + create_resources('shorewall::nat',$nat,$nat_defaults) + create_resources('shorewall::blacklist',$blacklist,$blacklist_defaults) + create_resources('shorewall::rfc1918',$rfc1918,$rfc1918_defaults) + create_resources('shorewall::routestopped',$routestopped, + $routestopped_defaults) + create_resources('shorewall::params',$params,$params_defaults) + create_resources('shorewall::tcdevices',$tcdevices,$tcdevices_defaults) + create_resources('shorewall::tcrules',$tcrules,$tcrules_defaults) + create_resources('shorewall::tcclasses',$tcclasses,$tcclasses_defaults) + create_resources('shorewall::tunnel',$tunnels,$tunnels_defaults) + create_resources('shorewall::rtrules',$rtrules,$rtrules_defaults) } diff --git a/manifests/managed_file.pp b/manifests/managed_file.pp index 75326b8..7061721 100644 --- a/manifests/managed_file.pp +++ b/manifests/managed_file.pp @@ -2,7 +2,7 @@ define shorewall::managed_file () { concat{ "/etc/shorewall/puppet/${name}": notify => Service['shorewall'], require => File['/etc/shorewall/puppet'], - owner => root, group => '0', mode => '0600'; + owner => 'root', group => 'root', mode => '0600'; } concat::fragment { "${name}-header": diff --git a/manifests/rules/jabberserver.pp b/manifests/rules/jabberserver.pp index 3b38b29..226d627 100644 --- a/manifests/rules/jabberserver.pp +++ b/manifests/rules/jabberserver.pp @@ -1,19 +1,34 @@ -class shorewall::rules::jabberserver { +# open ports used by a jabberserver +# in and outbound. +class shorewall::rules::jabberserver( + $open_stun = true, +) { shorewall::rule { 'net-me-tcp_jabber': - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => '5222,5223,5269', - order => 240, - action => 'ACCEPT'; + source => 'net', + destination => '$FW', + proto => 'tcp', + destinationport => '5222,5223,5269', + order => 240, + action => 'ACCEPT'; 'me-net-tcp_jabber_s2s': - source => '$FW', - destination => 'net', - proto => 'tcp', - destinationport => '5260,5269,5270,5271,5272', - order => 240, - action => 'ACCEPT'; + source => '$FW', + destination => 'net', + proto => 'tcp', + destinationport => '5260,5269,5270,5271,5272', + order => 240, + action => 'ACCEPT'; } + if $open_stun { + shorewall::rule { + 'net-me-udp_jabber_stun_server': + source => 'net', + destination => '$FW', + proto => 'udp', + destinationport => '3478', + order => 240, + action => 'ACCEPT'; + } + } } diff --git a/manifests/tunnel.pp b/manifests/tunnel.pp index 2cac922..0e645c8 100644 --- a/manifests/tunnel.pp +++ b/manifests/tunnel.pp @@ -5,7 +5,7 @@ define shorewall::tunnel( $gateway_zones = '', $order = '1' ) { - shorewall::entry { "tunnel-${order}-${name}": + shorewall::entry { "tunnels-${order}-${name}": line => "# ${name}\n${tunnel_type} ${zone} ${gateway} ${gateway_zones}", } } diff --git a/manifests/ubuntu/karmic.pp b/manifests/ubuntu/karmic.pp deleted file mode 100644 index 0df3789..0000000 --- a/manifests/ubuntu/karmic.pp +++ /dev/null @@ -1,5 +0,0 @@ -class shorewall::ubuntu::karmic inherits shorewall::debian { - Package['shorewall']{ - name => 'shorewall-shell', - } -} |