view modules/my_fw/manifests/pre.pp @ 474:28d327443c45

Keep host on redir to HTTPS to fix HSTS Apparently it doesn't apply if you redirect from http with no-www to https with www (or vice versa)
author IBBoard <dev@ibboard.co.uk>
date Sun, 11 Aug 2024 11:16:05 +0100
parents 11d940c9014e
children 2c3e745be8d2
line wrap: on
line source

class my_fw::pre {
  Firewall {
    require => undef,
  }

  $icmp_proto = $my_fw::ip_version == "IPv6" ? { true => 'ipv6-icmp', default => 'icmp' }
  $localhost = $my_fw::ip_version == "IPv6" ? { true => '::1/128', default => '127.0.0.0/8' }

   # Default firewall rules
  firewall { '000 accept all icmp':
    proto   => $icmp_proto,
    action  => 'accept',
  } ->
  firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  } ->
  firewall { "002 reject local traffic not on loopback interface":
    iniface     => '! lo',
    proto       => 'all',
    destination => $localhost,
    action      => 'reject',
  } ->
  firewall { '005 accept related established rules':
    proto   => 'all',
    state => ['RELATED', 'ESTABLISHED'],
    action  => 'accept',
  }
}