annotate modules/my_fw/manifests/pre.pp @ 482:d83de9b3a62b default tip

Update hiera.yaml within Puppet config
Forgot that we manage it from here. Now has content to match new packages
author IBBoard <dev@ibboard.co.uk>
date Fri, 30 Aug 2024 16:10:36 +0100
parents 2c3e745be8d2
children
rev  changeset     description
 40  222904296578  Add firewall handling when we run without APF  (IBBoard <dev@ibboard.co.uk>)
279  e36b7f4f85f2  Start to support IPv6 servers  (IBBoard <dev@ibboard.co.uk>, parents: 40)
348  11d940c9014e  Update Firewall module to try and fix quoting string issue  (IBBoard <dev@ibboard.co.uk>, parents: 279)
480  2c3e745be8d2  Update server defs and own modules to match  (IBBoard <dev@ibboard.co.uk>, parents: 348)

rev: source
 40: class my_fw::pre {
 40:   Firewall {
 40:     require => undef,
 40:   }
279:
279:   $icmp_proto = $my_fw::ip_version == "IPv6" ? { true => 'ipv6-icmp', default => 'icmp' }
279:   $localhost = $my_fw::ip_version == "IPv6" ? { true => '::1/128', default => '127.0.0.0/8' }
279:
 40:   # Default firewall rules
 40:   firewall { '000 accept all icmp':
480:     proto => $icmp_proto,
480:     jump => 'accept',
 40:   } ->
 40:   firewall { '001 accept all to lo interface':
 40:     proto => 'all',
 40:     iniface => 'lo',
480:     jump => 'accept',
 40:   } ->
 40:   firewall { "002 reject local traffic not on loopback interface":
 40:     iniface => '! lo',
 40:     proto => 'all',
279:     destination => $localhost,
480:     jump => 'reject',
 40:   } ->
348:   firewall { '005 accept related established rules':
480:     proto => 'all',
 40:     state => ['RELATED', 'ESTABLISHED'],
480:     jump => 'accept',
 40:   }
 40: }