view modules/my_fw/manifests/pre.pp @ 399:2c6065b5be5e

Switch to config-based PHP extensions

This makes it compatible with Ubuntu, otherwise it keeps trying to re-install the same module because the "phpX.X" package is a virtual package and the Puppet handling of Ubuntu's "is it installed" system is incapable of saying "yes" when a virtual package is installed.
author IBBoard <dev@ibboard.co.uk>
date Wed, 20 Apr 2022 19:08:14 +0100
parents 11d940c9014e
children 2c3e745be8d2

# Baseline firewall rules numbered 000-005: ICMP, loopback, loopback
# anti-spoofing and stateful return traffic. The address family is taken
# from $my_fw::ip_version.
#
# NOTE(review): nothing in this class drops unmatched traffic; the
# default-deny rule presumably lives in a companion class - confirm.
# NOTE(review): no firewall backend is selected here for the IPv6 case;
# presumably a resource default elsewhere does that - verify, since the IPv6
# values below are only meaningful to the IPv6 backend.
class my_fw::pre {
  # Clear any inherited `require` default for the rules declared in this
  # scope. Presumably a site-wide default makes every rule require this
  # class, which would otherwise be a dependency cycle - confirm.
  Firewall {
    require => undef,
  }

  # Pick the ICMP protocol name and the loopback range for the address family.
  if $my_fw::ip_version == 'IPv6' {
    $icmp_proto = 'ipv6-icmp'
    $localhost  = '::1/128'
  } else {
    $icmp_proto = 'icmp'
    $localhost  = '127.0.0.0/8'
  }

  # Default firewall rules, chained so they are applied in title order.

  # Accepts every ICMP type, not only echo.
  # NOTE(review): narrow or rate-limit here if host policy requires it.
  firewall { '000 accept all icmp':
    proto  => $icmp_proto,
    action => 'accept',
  }
  # Anything arriving on the loopback interface is trusted.
  -> firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }
  # Anti-spoofing: reject packets addressed to the loopback range that
  # arrive on any interface other than lo.
  -> firewall { '002 reject local traffic not on loopback interface':
    proto       => 'all',
    iniface     => '! lo',
    destination => $localhost,
    action      => 'reject',
  }
  # Stateful rule: accept packets in the RELATED or ESTABLISHED state.
  -> firewall { '005 accept related established rules':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
}