annotate modules/my_fw/manifests/pre.pp @ 242:7d8e664ebcc9 puppet-3.6

Change owner/group on Nextcloud for easy upgrade
We now prevent Apache writing to files using SELinux, so it is secure during normal operation but can be upgraded through the web app by disabling SELinux
author IBBoard <dev@ibboard.co.uk>
date Fri, 20 Dec 2019 15:17:43 +0000
parents 222904296578
children e36b7f4f85f2
rev 40 (every line below):
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>

class my_fw::pre {
  # Clear any default 'require' on firewall resources declared in this class
  Firewall {
    require => undef,
  }
  # Default firewall rules
  # The '->' arrows chain the rules so they are applied in numbered order
  firewall { '000 accept all icmp':
    proto  => 'icmp',
    action => 'accept',
  } ->
  firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  } ->
  # Reject traffic addressed to the loopback range that arrives on any other interface
  firewall { "002 reject local traffic not on loopback interface":
    iniface     => '! lo',
    proto       => 'all',
    destination => '127.0.0.1/8',
    action      => 'reject',
  } ->
  # Allow packets belonging to, or related to, connections that are already tracked
  firewall { '003 accept related established rules':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
}