annotate modules/my_fw/manifests/pre.pp @ 40:222904296578 puppet-3.6

Add firewall handling when we run without APF
author IBBoard <dev@ibboard.co.uk>
date Sat, 14 Mar 2015 22:22:26 +0000
parents
children e36b7f4f85f2
# Baseline rules declared ahead of any service-specific firewall rules.
#
# The class declares four `firewall` resources, chained with `->` so they are
# applied in numeric order (000..003). It sets neither `chain` nor `provider`,
# so the firewall module's defaults apply.
# NOTE(review): assuming puppetlabs-firewall, that means the IPv4 INPUT chain
# only. Confirm IPv6 is covered elsewhere or deliberately unused.
# NOTE(review): this class only accepts traffic, plus one reject. The final
# default-deny rule is not declared here. Verify one exists elsewhere,
# otherwise these accepts do not restrict anything.
class my_fw::pre {
  # Clear any inherited `require` default for firewall resources in this scope.
  # NOTE(review): presumably a site-wide default makes every rule require this
  # class, and resetting it here avoids a dependency cycle. Confirm where that
  # default is set.
  Firewall {
    require => undef,
  }

  # Default firewall rules

  # Accept ICMP. No ICMP type filter is set, so every type is accepted.
  firewall { '000 accept all icmp':
    proto  => 'icmp',
    action => 'accept',
  } ->
  # Accept all traffic arriving on the loopback interface.
  firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  } ->
  # Anti-spoofing: a packet addressed to the loopback range (127.0.0.0/8) that
  # arrives on any interface other than `lo` is rejected.
  firewall { '002 reject local traffic not on loopback interface':
    proto       => 'all',
    iniface     => '! lo',
    destination => '127.0.0.1/8',
    action      => 'reject',
  } ->
  # Stateful accept: let through packets belonging to, or related to,
  # connections that are already tracked.
  firewall { '003 accept related established rules':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
}