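# Base resources for shorewall: the package, the main configuration file,
# the puppet-managed configuration directory, a validation step that gates
# service refreshes, the service itself and an optional daily check.
#
# Values read from the shorewall class:
#   $shorewall::ensure_version - passed to the package's ensure
#   $shorewall::conf_source    - if set, used as the source of shorewall.conf;
#                                otherwise only CONFIG_PATH is set via augeas
#   $shorewall::daily_check    - if true, install the daily cron check,
#                                otherwise remove it
class shorewall::base {

  package { 'shorewall':
    ensure => $shorewall::ensure_version,
  }

  # This file has to be managed in place, so shorewall can find it
  file {
    '/etc/shorewall/shorewall.conf':
      require => Package['shorewall'],
      notify  => Exec['shorewall_check'],
      owner   => 'root',
      group   => 'root',
      mode    => '0644';
    # Directory for puppet-managed configuration. It is listed first in the
    # CONFIG_PATH written by the augeas resource below, so it must stay
    # writable by root only. For directories Puppet adds the search (x) bit
    # wherever the read bit is set, so '0644' is applied as 0755.
    '/etc/shorewall/puppet':
      ensure  => directory,
      require => Package['shorewall'],
      owner   => 'root',
      group   => 'root',
      mode    => '0644';
  }

  if $shorewall::conf_source {
    # The whole shorewall.conf comes from the given source; CONFIG_PATH is
    # then whatever that file contains.
    File['/etc/shorewall/shorewall.conf']{
      source => $shorewall::conf_source,
    }
  } else {
    # Keep the packaged shorewall.conf and only point CONFIG_PATH at the
    # puppet-managed directory (searched before the stock locations).
    Class['augeas'] -> Class['shorewall::base']
    augeas { 'shorewall_module_config_path':
      changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'',
      lens    => 'Shellvars.lns',
      incl    => '/etc/shorewall/shorewall.conf',
      notify  => Exec['shorewall_check'],
      require => Package['shorewall'],
    }
  }

  # Validation gate: configuration changes refresh this exec, and only this
  # exec refreshes the service. If 'shorewall check' fails, Puppet skips the
  # dependent service, so an invalid ruleset is not loaded by this run.
  # NOTE(review): the command is not fully qualified and no path is set
  # here; this relies on an Exec path default declared outside this
  # class - confirm.
  exec{'shorewall_check':
    command     => 'shorewall check',
    refreshonly => true,
    notify      => Service['shorewall'],
  }

  service{'shorewall':
    ensure     => running,
    enable     => true,
    hasstatus  => true,
    hasrestart => true,
    require    => Package['shorewall'],
  }

  # Daily re-validation of the firewall configuration. The script prints
  # only on failure and exits non-zero, so cron reports broken
  # configurations. $output is quoted so the multi-line output of
  # 'shorewall check' is printed as produced, without word splitting or
  # glob expansion.
  file{'/etc/cron.daily/shorewall_check':}
  if $shorewall::daily_check {
    File['/etc/cron.daily/shorewall_check']{
      content => '#!/bin/bash
output=$(shorewall check 2>&1)
if [ $? -gt 0 ]; then
echo "Error while checking firewall!"
echo "$output"
exit 1
fi
exit 0
',
      owner   => 'root',
      group   => 0,
      mode    => '0700',
      require => Service['shorewall'],
    }
  } else {
    File['/etc/cron.daily/shorewall_check']{
      ensure => absent,
    }
  }
}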