Mercurial > repos > other > Puppet
view modules/my_fw/manifests/pre.pp @ 474:28d327443c45
Keep host on redir to HTTPS to fix HSTS
Apparently it doesn't apply if you redirect from http with no-www
to https with www (or vice versa)
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 11 Aug 2024 11:16:05 +0100 |
parents | 11d940c9014e |
children | 2c3e745be8d2 |
line wrap: on
line source
class my_fw::pre { Firewall { require => undef, } $icmp_proto = $my_fw::ip_version == "IPv6" ? { true => 'ipv6-icmp', default => 'icmp' } $localhost = $my_fw::ip_version == "IPv6" ? { true => '::1/128', default => '127.0.0.0/8' } # Default firewall rules firewall { '000 accept all icmp': proto => $icmp_proto, action => 'accept', } -> firewall { '001 accept all to lo interface': proto => 'all', iniface => 'lo', action => 'accept', } -> firewall { "002 reject local traffic not on loopback interface": iniface => '! lo', proto => 'all', destination => $localhost, action => 'reject', } -> firewall { '005 accept related established rules': proto => 'all', state => ['RELATED', 'ESTABLISHED'], action => 'accept', } }