From 8ab86e291a3575ae69363c4318fb2222c69dd8a5 Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Mon, 17 Mar 2014 02:31:09 +0400 Subject: * Add shorewall-blrules support --- manifests/blrules.pp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 manifests/blrules.pp (limited to 'manifests/blrules.pp') diff --git a/manifests/blrules.pp b/manifests/blrules.pp new file mode 100644 index 0000000..843a28f --- /dev/null +++ b/manifests/blrules.pp @@ -0,0 +1,16 @@ +class shorewall::blrules ( + $whitelists, + $drops, +) { + file{'/etc/shorewall/puppet/blrules': + content => template("shorewall/blrules.erb"), + require => Package['shorewall'], + notify => Service['shorewall'], + owner => root, + group => 0, + mode => 0644; + } +} + + + -- cgit v1.2.3 From a03b6c47c27100d21cf9d881848a367a3bab20fa Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Tue, 18 Mar 2014 23:00:32 +0400 Subject: * Add example --- manifests/blrules.pp | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) (limited to 'manifests/blrules.pp') diff --git a/manifests/blrules.pp b/manifests/blrules.pp index 843a28f..e45739e 100644 --- a/manifests/blrules.pp +++ b/manifests/blrules.pp @@ -1,9 +1,31 @@ +# Manage blrules. For additional information type "man shorewall-blrules" +# +# Sample Usage: +# +# shorewall::interface { 'br0': +# zone => 'net', +# rfc1918 => true, +# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge'; +# } +# +# class { 'shorewall::blrules': +# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge', +# whitelists => [ +# "net:10.0.0.1,192.168.0.1 all", +# ], +# +# drops => [ +# 'net all tcp 22', #ssh +# ], +# } + + class shorewall::blrules ( $whitelists, $drops, ) { file{'/etc/shorewall/puppet/blrules': - content => template("shorewall/blrules.erb"), + content => template('shorewall/blrules.erb'), require => Package['shorewall'], notify => Service['shorewall'], owner => root, @@ -11,6 +33,3 @@ class shorewall::blrules ( mode => 0644; } } - - - -- cgit v1.2.3 From 473815ebdf0050c1cb2924891628e3555d10f4b2 Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Tue, 18 Mar 2014 23:01:33 +0400 Subject: * Fix typo --- manifests/blrules.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/blrules.pp') diff --git a/manifests/blrules.pp b/manifests/blrules.pp index e45739e..b8fe73f 100644 --- a/manifests/blrules.pp +++ b/manifests/blrules.pp @@ -30,6 +30,6 @@ class shorewall::blrules ( notify => Service['shorewall'], owner => root, group => 0, - mode => 0644; + mode => '0644'; } } -- cgit v1.2.3 From 9d36decac41bf6cda6f09adfce76e6ef9138205f Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 12 Jan 2017 11:30:49 +0100 Subject: connect docu with class --- manifests/blrules.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'manifests/blrules.pp') diff --git a/manifests/blrules.pp b/manifests/blrules.pp index b8fe73f..7f3953b 100644 --- a/manifests/blrules.pp +++ b/manifests/blrules.pp @@ -18,8 +18,7 @@ # 'net all tcp 22', #ssh # ], # } - - +# class shorewall::blrules ( $whitelists, $drops, -- cgit v1.2.3 From ba8d84a98b4193867f3edda7fc3f497fd7edc373 Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Mon, 17 Mar 2014 02:31:09 +0400 Subject: * Add shorewall-blrules support --- manifests/blrules.pp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 manifests/blrules.pp (limited to 'manifests/blrules.pp') diff --git a/manifests/blrules.pp b/manifests/blrules.pp new file mode 100644 index 0000000..843a28f --- /dev/null +++ b/manifests/blrules.pp @@ -0,0 +1,16 @@ +class shorewall::blrules ( + $whitelists, + $drops, +) { + file{'/etc/shorewall/puppet/blrules': + content => template("shorewall/blrules.erb"), + require => Package['shorewall'], + notify => Service['shorewall'], + owner => root, + group => 0, + mode => 0644; + } +} + + + -- cgit v1.2.3 From 4c69a621db40f60a3f43e6587e6367dbf8cbfb1a Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Tue, 18 Mar 2014 23:00:32 +0400 Subject: * Add example --- manifests/blrules.pp | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) (limited to 'manifests/blrules.pp') diff --git a/manifests/blrules.pp b/manifests/blrules.pp index 843a28f..e45739e 100644 --- a/manifests/blrules.pp +++ b/manifests/blrules.pp @@ -1,9 +1,31 @@ +# Manage blrules. For additional information type "man shorewall-blrules" +# +# Sample Usage: +# +# shorewall::interface { 'br0': +# zone => 'net', +# rfc1918 => true, +# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge'; +# } +# +# class { 'shorewall::blrules': +# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge', +# whitelists => [ +# "net:10.0.0.1,192.168.0.1 all", +# ], +# +# drops => [ +# 'net all tcp 22', #ssh +# ], +# } + + class shorewall::blrules ( $whitelists, $drops, ) { file{'/etc/shorewall/puppet/blrules': - content => template("shorewall/blrules.erb"), + content => template('shorewall/blrules.erb'), require => Package['shorewall'], notify => Service['shorewall'], owner => root, @@ -11,6 +33,3 @@ class shorewall::blrules ( mode => 0644; } } - - - -- cgit v1.2.3 From ea4721adecb9c8e0f5542c498b341a8ad87e0355 Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Tue, 18 Mar 2014 23:01:33 +0400 Subject: * Fix typo --- manifests/blrules.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/blrules.pp') diff --git a/manifests/blrules.pp b/manifests/blrules.pp index e45739e..b8fe73f 100644 --- a/manifests/blrules.pp +++ b/manifests/blrules.pp @@ -30,6 +30,6 @@ class shorewall::blrules ( notify => Service['shorewall'], owner => root, group => 0, - mode => 0644; + mode => '0644'; } } -- cgit v1.2.3 From 8552753d9e3ab7662e618c54875e626a2b6926e9 Mon Sep 17 00:00:00 2001 From: Matt Taggart Date: Fri, 10 Feb 2017 13:08:12 -0800 Subject: remove deprecated blacklist the blacklist file was deprecated by upstream in 4.5.7, remove all references to them. Debian wheezy shipped with 4.5.5.3-3 (but could use a backport) and jessie has 4.6.4.3-2 currently. --- manifests/blrules.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests/blrules.pp') diff --git a/manifests/blrules.pp b/manifests/blrules.pp index b8fe73f..d6b5550 100644 --- a/manifests/blrules.pp +++ b/manifests/blrules.pp @@ -5,11 +5,11 @@ # shorewall::interface { 'br0': # zone => 'net', # rfc1918 => true, -# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge'; +# options => 'tcpflags,nosmurfs,routeback,bridge'; # } # # class { 'shorewall::blrules': -# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge', +# options => 'tcpflags,nosmurfs,routeback,bridge', # whitelists => [ # "net:10.0.0.1,192.168.0.1 all", # ], -- cgit v1.2.3 From 4b3f8eac5f343b5ecd2354d16e83256b8413e807 Mon Sep 17 00:00:00 2001 From: Matt Taggart Date: Fri, 10 Feb 2017 13:33:05 -0800 Subject: remove deprecated rfc1918 file this hasn't been supported since 3.x days --- manifests/blrules.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'manifests/blrules.pp') diff --git a/manifests/blrules.pp b/manifests/blrules.pp index d6b5550..abf7508 100644 --- a/manifests/blrules.pp +++ b/manifests/blrules.pp @@ -4,7 +4,6 @@ # # shorewall::interface { 'br0': # zone => 'net', -# rfc1918 => true, # options => 'tcpflags,nosmurfs,routeback,bridge'; # } # -- cgit v1.2.3 From dbc02ed9a962ef85739094f4a3cbd4ad009d0dde Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 8 May 2017 22:12:02 +0200 Subject: don't notify the service --- manifests/blrules.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/blrules.pp') diff --git a/manifests/blrules.pp b/manifests/blrules.pp index 7f3953b..f37e5ed 100644 --- a/manifests/blrules.pp +++ b/manifests/blrules.pp @@ -26,7 +26,7 @@ class shorewall::blrules ( file{'/etc/shorewall/puppet/blrules': content => template('shorewall/blrules.erb'), require => Package['shorewall'], - notify => Service['shorewall'], + notify => Exec['shorewall_check'], owner => root, group => 0, mode => '0644'; -- cgit v1.2.3