From 8ab86e291a3575ae69363c4318fb2222c69dd8a5 Mon Sep 17 00:00:00 2001
From: Lebedev Vadim
Date: Mon, 17 Mar 2014 02:31:09 +0400
Subject: * Add shorewall-blrules support
---
 manifests/blrules.pp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 manifests/blrules.pp
(limited to 'manifests/blrules.pp')
diff --git a/manifests/blrules.pp b/manifests/blrules.pp
new file mode 100644
index 0000000..843a28f
--- /dev/null
+++ b/manifests/blrules.pp
@@ -0,0 +1,16 @@
+class shorewall::blrules (
+ $whitelists,
+ $drops,
+) {
+ file{'/etc/shorewall/puppet/blrules':
+ content => template("shorewall/blrules.erb"),
+ require => Package['shorewall'],
+ notify => Service['shorewall'],
+ owner => root,
+ group => 0,
+ mode => 0644;
+ }
+}
+
+
+
-- cgit v1.2.3
From a03b6c47c27100d21cf9d881848a367a3bab20fa Mon Sep 17 00:00:00 2001
From: Lebedev Vadim
Date: Tue, 18 Mar 2014 23:00:32 +0400
Subject: * Add example
---
 manifests/blrules.pp | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)
(limited to 'manifests/blrules.pp')
diff --git a/manifests/blrules.pp b/manifests/blrules.pp
index 843a28f..e45739e 100644
--- a/manifests/blrules.pp
+++ b/manifests/blrules.pp
@@ -1,9 +1,31 @@
+# Manage blrules. For additional information type "man shorewall-blrules"
+#
+# Sample Usage:
+#
+# shorewall::interface { 'br0':
+# zone => 'net',
+# rfc1918 => true,
+# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
+# }
+#
+# class { 'shorewall::blrules':
+# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge',
+# whitelists => [
+# "net:10.0.0.1,192.168.0.1 all",
+# ],
+#
+# drops => [
+# 'net all tcp 22', #ssh
+# ],
+# }
+
+
 class shorewall::blrules (
 $whitelists,
 $drops,
 ) {
 file{'/etc/shorewall/puppet/blrules':
- content => template("shorewall/blrules.erb"),
+ content => template('shorewall/blrules.erb'),
 require => Package['shorewall'],
 notify => Service['shorewall'],
 owner => root,
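Review bot: `$whitelists` and `$drops` reach `template("shorewall/blrules.erb")` with no default and no type check, so a string passed instead of an array, or an entry with an embedded newline, would presumably be written into `/etc/shorewall/puppet/blrules` unchanged and loaded when `Service['shorewall']` is notified. The template is not part of this diff, so how it iterates over the two values is inferred. I would validate both at the top of the class body, e.g. `validate_array($whitelists)` and `validate_array($drops)`, provided the module already depends on puppetlabs-stdlib.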
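Review bot: The sample `class { 'shorewall::blrules': ... }` passes `options => 'tcpflags,blacklist,nosmurfs,routeback,bridge'`, but the class signature in this same hunk declares only `$whitelists` and `$drops`, so a copied example should fail catalog compilation with an invalid-parameter error. The `# options => ...` line should be dropped from the class example and kept only on `shorewall::interface`. The sample `drops` entry `'net all tcp 22'` would also block SSH from the whole net zone if applied as written, so a comment such as `# example only: adjust before use, this blocks SSH from net` would keep a reader from cutting off remote management. The class body continues past the end of this hunk.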
@@ -11,6 +33,3 @@ class shorewall::blrules (
 mode => 0644;
 }
 }
-
-
-
-- cgit v1.2.3
From 473815ebdf0050c1cb2924891628e3555d10f4b2 Mon Sep 17 00:00:00 2001
From: Lebedev Vadim
Date: Tue, 18 Mar 2014 23:01:33 +0400
Subject: * Fix typo
---
 manifests/blrules.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'manifests/blrules.pp')
diff --git a/manifests/blrules.pp b/manifests/blrules.pp
index e45739e..b8fe73f 100644
--- a/manifests/blrules.pp
+++ b/manifests/blrules.pp
@@ -30,6 +30,6 @@ class shorewall::blrules (
 notify => Service['shorewall'],
 owner => root,
 group => 0,
- mode => 0644;
+ mode => '0644';
 }
 }
-- cgit v1.2.3