diff options
-rw-r--r-- | manifests/blrules.pp | 16 | ||||
-rw-r--r-- | templates/blrules.erb | 15 |
2 files changed, 31 insertions, 0 deletions
diff --git a/manifests/blrules.pp b/manifests/blrules.pp new file mode 100644 index 0000000..843a28f --- /dev/null +++ b/manifests/blrules.pp @@ -0,0 +1,16 @@ +class shorewall::blrules ( + $whitelists, + $drops, +) { + file{'/etc/shorewall/puppet/blrules': + content => template("shorewall/blrules.erb"), + require => Package['shorewall'], + notify => Service['shorewall'], + owner => root, + group => 0, + mode => 0644; + } +} + + + diff --git a/templates/blrules.erb b/templates/blrules.erb new file mode 100644 index 0000000..4c9af79 --- /dev/null +++ b/templates/blrules.erb @@ -0,0 +1,15 @@ +# +# Shorewall version 4.4 - Rule-based Blacklisting +# +# For information about entries in this file, type "man shorewall-blrules" +# +# Please see http://shorewall.net/blacklisting_support.htm for additional +# information. +# +############################################################################### +<% @whitelists.each do |value| -%> +WHITELIST <%= value %> +<% end -%> +<% @drops.each do |value| -%> +REJECT <%= value %> +<% end -%> |