Mercurial > repos > other > Puppet
comparison modules/my_fw/manifests/pre.pp @ 40:222904296578 puppet-3.6
Add firewall handling when we run without APF
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sat, 14 Mar 2015 22:22:26 +0000 |
| parents | |
| children | e36b7f4f85f2 |
comparison
equal
deleted
inserted
replaced
| 39:d6f2a0ee45c0 | 40:222904296578 |
|---|---|
| 1 class my_fw::pre { | |
| 2 Firewall { | |
| 3 require => undef, | |
| 4 } | |
| 5 # Default firewall rules | |
| 6 firewall { '000 accept all icmp': | |
| 7 proto => 'icmp', | |
| 8 action => 'accept', | |
| 9 } -> | |
| 10 firewall { '001 accept all to lo interface': | |
| 11 proto => 'all', | |
| 12 iniface => 'lo', | |
| 13 action => 'accept', | |
| 14 } -> | |
| 15 firewall { "002 reject local traffic not on loopback interface": | |
| 16 iniface => '! lo', | |
| 17 proto => 'all', | |
| 18 destination => '127.0.0.1/8', | |
| 19 action => 'reject', | |
| 20 } -> | |
| 21 firewall { '003 accept related established rules': | |
| 22 proto => 'all', | |
| 23 state => ['RELATED', 'ESTABLISHED'], | |
| 24 action => 'accept', | |
| 25 } | |
| 26 } |