From 0c5826db92e1e8556b89a3804079e96fb4abffb0 Mon Sep 17 00:00:00 2001
From: mh
Date: Mon, 7 Feb 2011 00:31:33 +0100
Subject: add irc & irc-ssl outgoing rules
---
 manifests/rules/out/irc.pp | 10 ++++++++++
 manifests/rules/out/ircs.pp | 10 ++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 manifests/rules/out/irc.pp
 create mode 100644 manifests/rules/out/ircs.pp
(limited to 'manifests/rules/out')
diff --git a/manifests/rules/out/irc.pp b/manifests/rules/out/irc.pp
new file mode 100644
index 0000000..9c8590a
--- /dev/null
+++ b/manifests/rules/out/irc.pp
@@ -0,0 +1,10 @@
+class shorewall::rules::out::irc {
+ shorewall::rule{'me-net-irc-tcp':
+ source => '$FW',
+ destination => 'net',
+ proto => 'tcp',
+ destinationport => '6667',
+ order => 240,
+ action => 'ACCEPT';
+ }
+}
diff --git a/manifests/rules/out/ircs.pp b/manifests/rules/out/ircs.pp
new file mode 100644
index 0000000..a71585d
--- /dev/null
+++ b/manifests/rules/out/ircs.pp
@@ -0,0 +1,10 @@
+class shorewall::rules::out::ircs {
+ shorewall::rule{'me-net-ircs-tcp':
+ source => '$FW',
+ destination => 'net',
+ proto => 'tcp',
+ destinationport => '6669',
+ order => 240,
+ action => 'ACCEPT';
+ }
+}
-- cgit v1.2.3
From e429b600b98c30675717303229ada47e390fbf84 Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 1 Mar 2011 21:52:14 +0100
Subject: add ekeyd rules
---
 manifests/rules/out/ekeyd.pp | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 manifests/rules/out/ekeyd.pp
(limited to 'manifests/rules/out')
diff --git a/manifests/rules/out/ekeyd.pp b/manifests/rules/out/ekeyd.pp
new file mode 100644
index 0000000..ef6f20a
--- /dev/null
+++ b/manifests/rules/out/ekeyd.pp
@@ -0,0 +1,11 @@
+class shorewall::rules::out::ekeyd($ekeyd_host) {
+ shorewall::rule { 'me-net-tcp_ekeyd':
+ source => '$FW',
+ destination => "net:${ekeyd_host}",
+ proto => 'tcp',
+ destinationport => '8888',
+ order => 240,
+ action => 'ACCEPT';
+ }
+}
+
-- cgit v1.2.3
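Review bot: `destination => 'net'` in irc.pp opens tcp/6667 from the firewall host to every address in the net zone, and the class takes no parameter to narrow it. The ircs.pp rule in this commit and the smtp.pp and xmpp.pp rules later on this page are written the same way. If only a few servers are needed, a parameter would allow that without changing existing callers, e.g. `class shorewall::rules::out::irc($destination = 'net') {` with `destination => $destination,`. If the zone-wide ACCEPT is intended, a one-line comment saying so would help whoever audits egress rules later.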
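Review bot: `destinationport => '6669'` in ircs.pp looks like a transposition of 6697, the port conventionally used for IRC over TLS; 6669 falls in the range normally used for plaintext IRC. If that is the case the rule does not permit the TLS connections the class name promises and the line should read `destinationport => '6697',`. If the servers in question really do offer TLS on 6669, a comment stating that would stop the value being "corrected" later.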
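Review bot: `$ekeyd_host` is interpolated into `destination => "net:${ekeyd_host}"` in ekeyd.pp without any check, so an empty value renders `net:` and the mistake would surface, if at all, only when Shorewall processes the generated rules. A guard as the first statement of the class makes the catalog fail early instead: `if $ekeyd_host == '' { fail('ekeyd_host must not be empty') }`. The define that replaces this class in the next commit on this page interpolates the value the same way.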
From e732ebc597c6ea2b95b84445a1866793d9b90d0d Mon Sep 17 00:00:00 2001
From: mh
Date: Wed, 2 Mar 2011 00:56:36 +0100
Subject: do it as a define so we can easily pass multiple target zones
---
 manifests/rules/out/ekeyd.pp | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'manifests/rules/out')
diff --git a/manifests/rules/out/ekeyd.pp b/manifests/rules/out/ekeyd.pp
index ef6f20a..858dca4 100644
--- a/manifests/rules/out/ekeyd.pp
+++ b/manifests/rules/out/ekeyd.pp
@@ -1,11 +1,10 @@
-class shorewall::rules::out::ekeyd($ekeyd_host) {
- shorewall::rule { 'me-net-tcp_ekeyd':
+define shorewall::rules::out::ekeyd($ekeyd_host) {
+ shorewall::rule { "me-${name}-tcp_ekeyd":
 source => '$FW',
- destination => "net:${ekeyd_host}",
+ destination => "${name}:${ekeyd_host}",
 proto => 'tcp',
 destinationport => '8888',
 order => 240,
 action => 'ACCEPT';
 }
 }
-
-- cgit v1.2.3
From 7c8cdf47d20460009d560caec21f21346aa48b97 Mon Sep 17 00:00:00 2001
From: mh
Date: Sun, 6 Mar 2011 14:56:15 +0100
Subject: add outgoing smtp rule
---
 manifests/rules/out/smtp.pp | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 manifests/rules/out/smtp.pp
(limited to 'manifests/rules/out')
diff --git a/manifests/rules/out/smtp.pp b/manifests/rules/out/smtp.pp
new file mode 100644
index 0000000..2cc77cc
--- /dev/null
+++ b/manifests/rules/out/smtp.pp
@@ -0,0 +1,11 @@
+class shorewall::rules::out::smtp {
+ shorewall::rule {
+ 'me-net-tcp_smtp':
+ source => '$FW',
+ destination => 'net',
+ proto => 'tcp',
+ destinationport => 'smtp',
+ order => 240,
+ action => 'ACCEPT';
+ }
+}
-- cgit v1.2.3
From fa06b0a39402d09f1b4b8569f39bd4976fa31503 Mon Sep 17 00:00:00 2001
From: Simon Josi
Date: Thu, 11 Feb 2010 17:07:30 +0100
Subject: add output rule for xmpp
---
 manifests/rules/out/xmpp.pp | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 manifests/rules/out/xmpp.pp
(limited to 'manifests/rules/out')
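Review bot: The ekeyd define now uses `$name` both in the rule title and as the Shorewall zone in `destination => "${name}:${ekeyd_host}"`, which is not obvious at the call site and is not documented anywhere in the file. A header comment would cover it, for example `# $name: shorewall zone of the ekeyd host; $ekeyd_host: address reached on tcp/8888 in that zone`. Because the resource title is the zone, only one host per zone can be declared; the comment should say whether that limit is intended.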
diff --git a/manifests/rules/out/xmpp.pp b/manifests/rules/out/xmpp.pp
new file mode 100644
index 0000000..e7812e3
--- /dev/null
+++ b/manifests/rules/out/xmpp.pp
@@ -0,0 +1,10 @@
+class shorewall::rules::out::xmppp {
+ shorewall::rule{'me-net-xmpp-tcp':
+ source => '$FW',
+ destination => 'net',
+ proto => 'tcp',
+ destinationport => '5222',
+ order => 240,
+ action => 'ACCEPT';
+ }
+}
-- cgit v1.2.3
From 8cf89667e3bfbe52a9342c3e2f5b2a381c6390de Mon Sep 17 00:00:00 2001
From: Simon Josi
Date: Thu, 11 Feb 2010 21:00:00 +0100
Subject: fix typo
---
 manifests/rules/out/xmpp.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'manifests/rules/out')
diff --git a/manifests/rules/out/xmpp.pp b/manifests/rules/out/xmpp.pp
index e7812e3..a1b4577 100644
--- a/manifests/rules/out/xmpp.pp
+++ b/manifests/rules/out/xmpp.pp
@@ -1,4 +1,4 @@
-class shorewall::rules::out::xmppp {
+class shorewall::rules::out::xmpp {
 shorewall::rule{'me-net-xmpp-tcp':
 source => '$FW',
 destination => 'net',
-- cgit v1.2.3
From 5f5482a2084029382a10058a287ff85c8c16c7ac Mon Sep 17 00:00:00 2001
From: mh
Date: Wed, 6 Jun 2012 01:19:34 -0300
Subject: fix for new style for 2.7
---
 manifests/rules/out/ibackup.pp | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
(limited to 'manifests/rules/out')
diff --git a/manifests/rules/out/ibackup.pp b/manifests/rules/out/ibackup.pp
index ec12c8b..48714af 100644
--- a/manifests/rules/out/ibackup.pp
+++ b/manifests/rules/out/ibackup.pp
@@ -1,10 +1,9 @@
-class shorewall::rules::out::ibackup {
- case $shorewall_ibackup_host {
- '': { fail("You need to define \$shorewall_ibackup_host for ${fqdn}") }
- }
+class shorewall::rules::out::ibackup(
+ $backup_host = hiera('shorewall_ibackup_host')
+) {
 shorewall::rule { 'me-net-tcp_backupssh':
 source => '$FW',
- destination => "net:${shorewall_ibackup_host}",
+ destination => "net:${backup_host}",
 proto => 'tcp',
 destinationport => 'ssh',
 order => 240,
-- cgit v1.2.3
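Review bot: The removed `case` guard in ibackup.pp rejected an empty host, but the new default `hiera('shorewall_ibackup_host')` covers only a missing key; a key that is present but empty, or an empty value passed by a caller, now renders `destination => "net:"`. What Shorewall does with that destination is not visible here, so the safe choice is to keep the check as the first statement of the body: `if $backup_host == '' { fail("You need to define backup_host for ${fqdn}") }`. The class body continues past the end of this hunk.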
From d1c97a77e3ab7add830ba1f0f377e57b612c44d8 Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 8 Jun 2012 13:15:18 -0300
Subject: refactor things for >2.7
---
 manifests/rules/out/ekeyd.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'manifests/rules/out')
diff --git a/manifests/rules/out/ekeyd.pp b/manifests/rules/out/ekeyd.pp
index 858dca4..8acdaad 100644
--- a/manifests/rules/out/ekeyd.pp
+++ b/manifests/rules/out/ekeyd.pp
@@ -1,7 +1,7 @@
-define shorewall::rules::out::ekeyd($ekeyd_host) {
+define shorewall::rules::out::ekeyd($host) {
 shorewall::rule { "me-${name}-tcp_ekeyd":
 source => '$FW',
- destination => "${name}:${ekeyd_host}",
+ destination => "${name}:${host}",
 proto => 'tcp',
 destinationport => '8888',
 order => 240,
-- cgit v1.2.3
From 210b66ab54f1c57a10a2e9a342559f77e649658f Mon Sep 17 00:00:00 2001
From: mh
Date: Wed, 13 Jun 2012 21:34:55 -0300
Subject: migrate away from hiera stuff
---
 manifests/rules/out/ibackup.pp | 20 ++++++++++----------
 manifests/rules/out/munin.pp | 16 ++++++++--------
 manifests/rules/out/puppet.pp | 30 +++++++++++++++++++-----------
 3 files changed, 37 insertions(+), 29 deletions(-)
(limited to 'manifests/rules/out')
diff --git a/manifests/rules/out/ibackup.pp b/manifests/rules/out/ibackup.pp
index 48714af..856bcdb 100644
--- a/manifests/rules/out/ibackup.pp
+++ b/manifests/rules/out/ibackup.pp
@@ -1,12 +1,12 @@
 class shorewall::rules::out::ibackup(
- $backup_host = hiera('shorewall_ibackup_host')
-) {
- shorewall::rule { 'me-net-tcp_backupssh':
- source => '$FW',
- destination => "net:${backup_host}",
- proto => 'tcp',
- destinationport => 'ssh',
- order => 240,
- action => 'ACCEPT';
- }
+ $backup_host
+){
+ shorewall::rule { 'me-net-tcp_backupssh':
+ source => '$FW',
+ destination => "net:${backup_host}",
+ proto => 'tcp',
+ destinationport => 'ssh',
+ order => 240,
+ action => 'ACCEPT';
+ }
 }
diff --git a/manifests/rules/out/munin.pp b/manifests/rules/out/munin.pp
index 7b0a015..004a3d5 100644
--- a/manifests/rules/out/munin.pp
+++ b/manifests/rules/out/munin.pp
@@ -1,10 +1,10 @@
 class shorewall::rules::out::munin {
- shorewall::rule { 'me-net-rcp_muninhost':
- source => '$FW',
- destination => 'net',
- proto => 'tcp',
- destinationport => '4949',
- order => 340,
- action => 'ACCEPT';
- }
+ shorewall::rule { 'me-net-rcp_muninhost':
+ source => '$FW',
+ destination => 'net',
+ proto => 'tcp',
+ destinationport => '4949',
+ order => 340,
+ action => 'ACCEPT';
+ }
 }
diff --git a/manifests/rules/out/puppet.pp b/manifests/rules/out/puppet.pp
index 5cd4643..cbe8cce 100644
--- a/manifests/rules/out/puppet.pp
+++ b/manifests/rules/out/puppet.pp
@@ -1,12 +1,20 @@
-class shorewall::rules::out::puppet {
- include ::shorewall::rules::puppet
- # we want to connect to the puppet server
- shorewall::rule { 'me-net-puppet_tcp':
- source => '$FW',
- destination => 'net:$PUPPETSERVER',
- proto => 'tcp',
- destinationport => '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT',
- order => 340,
- action => 'ACCEPT';
- }
+class shorewall::rules::out::puppet(
+ $puppetserver = "puppet.${::domain}",
+ $puppetserver_port = 8140,
+ $puppetserver_signport = 8141
+) {
+ class{'shorewall::rules::puppet':
+ puppetserver => $puppetserver,
+ puppetserver_port => $puppetserver_port,
+ puppetserver_signport => $puppetserver_signport,
+ }
+ # we want to connect to the puppet server
+ shorewall::rule { 'me-net-puppet_tcp':
+ source => '$FW',
+ destination => 'net:$PUPPETSERVER',
+ proto => 'tcp',
+ destinationport => '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT',
+ order => 340,
+ action => 'ACCEPT';
+ }
 }
-- cgit v1.2.3
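Review bot: The single-quoted `'net:$PUPPETSERVER'` and `'$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT'` in puppet.pp are not Puppet variables, so the rule restricts egress correctly only if `shorewall::rules::puppet` writes Shorewall params with exactly those names from the three values passed to it. That class is not part of this diff, so the link needs confirming. A comment above the rule would make the coupling visible, e.g. `# $PUPPETSERVER* are shorewall params written by shorewall::rules::puppet, not puppet variables`. The resource-style `class{'shorewall::rules::puppet': ...}` can also be declared only once per catalog, so any other class that declares it would conflict with this one.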