diff modules/my_fw/manifests/pre.pp @ 40:222904296578 puppet-3.6
Add firewall handling when we run without APF
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 14 Mar 2015 22:22:26 +0000 |
parents | |
children | e36b7f4f85f2 |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/my_fw/manifests/pre.pp Sat Mar 14 22:22:26 2015 +0000
@@ -0,0 +1,26 @@
+class my_fw::pre {
+ Firewall {
+ require => undef,
+ }
+ # Default firewall rules
+ firewall { '000 accept all icmp':
+ proto => 'icmp',
+ action => 'accept',
+ } ->
+ firewall { '001 accept all to lo interface':
+ proto => 'all',
+ iniface => 'lo',
+ action => 'accept',
+ } ->
+ firewall { "002 reject local traffic not on loopback interface":
+ iniface => '! lo',
+ proto => 'all',
+ destination => '127.0.0.1/8',
+ action => 'reject',
+ } ->
+ firewall { '003 accept related established rules':
+ proto => 'all',
+ state => ['RELATED', 'ESTABLISHED'],
+ action => 'accept',
+ }
+}
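Review bot: None of the four `firewall` resources (rules 000–003) sets a provider, so if this is the puppetlabs-firewall type they presumably land in IPv4 iptables only, and a node with IPv6 enabled gets no matching baseline from this class. That includes the `proto => 'icmp'` accept and the `127.0.0.1/8` loopback guard in rule 002. If IPv6 is reachable on these hosts, mirror the set with `provider => 'ip6tables'`, using `proto => 'ipv6-icmp'` for rule 000 and `destination => '::1/128'` for rule 002, unless another manifest outside this diff already covers it. The `Firewall { require => undef, }` default would also benefit from a comment such as `# clear the site-wide require on this class so the pre rules do not depend on themselves`. That reading is inferred, because the global default is not visible here.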