Mercurial > repos > other > Puppet

view modules/my_fw/manifests/pre.pp @ 45:175d4f9cd747 puppet-3.6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tweak wording for accuracy
author IBBoard <dev@ibboard.co.uk>
date Sun, 07 Jun 2015 20:47:31 +0100
parents 222904296578
children e36b7f4f85f2
line wrap: on
line source

class my_fw::pre {
  Firewall {
    require => undef,
  }
   # Default firewall rules
  firewall { '000 accept all icmp':
    proto   => 'icmp',
    action  => 'accept',
  } ->
  firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  } ->
  firewall { "002 reject local traffic not on loopback interface":
    iniface     => '! lo',
    proto       => 'all',
    destination => '127.0.0.1/8',
    action      => 'reject',
  } ->
  firewall { '003 accept related established rules':
    proto   => 'all',
    state => ['RELATED', 'ESTABLISHED'],
    action  => 'accept',
  }
}