other/Puppet: modules/my_fw/manifests/pre.pp comparison

comparison modules/my_fw/manifests/pre.pp @ 480:2c3e745be8d2

Update server defs and own modules to match * $osver and $fqdn and others are now all in $facts * Firewall swapped action for jump and has new way to do IPv6 * SSH server setup changed * Resolve warnings from fileserver.conf * has_key() no longer exists because Puppet can do "key in array" * Some variables are now more strictly typed Also: * Try to configure full IPv6 DNS resolver * Clean up old config - unused servers and some CentOS complexity

author	IBBoard <dev@ibboard.co.uk>
date	Thu, 29 Aug 2024 18:58:49 +0100
parents	11d940c9014e
children

comparison

equal deleted inserted replaced

-:162dc4376331
+:2c3e745be8d2
 $icmp_proto = $my_fw::ip_version == "IPv6" ? { true => 'ipv6-icmp', default => 'icmp' }
 $localhost = $my_fw::ip_version == "IPv6" ? { true => '::1/128', default => '127.0.0.0/8' }
 # Default firewall rules
 firewall { '000 accept all icmp':
-proto   => $icmp_proto,
+proto => $icmp_proto,
-action  => 'accept',
+jump  => 'accept',
 } ->
 firewall { '001 accept all to lo interface':
 proto   => 'all',
 iniface => 'lo',
-action  => 'accept',
+jump    => 'accept',
 } ->
 firewall { "002 reject local traffic not on loopback interface":
 iniface     => '! lo',
 proto       => 'all',
 destination => $localhost,
-action      => 'reject',
+jump        => 'reject',
 } ->
 firewall { '005 accept related established rules':
-proto   => 'all',
+proto => 'all',
 state => ['RELATED', 'ESTABLISHED'],
-action  => 'accept',
+jump  => 'accept',
 }
 }

Mercurial > repos > other > Puppet

comparison modules/my_fw/manifests/pre.pp @ 480:2c3e745be8d2