Mercurial > repos > other > Puppet

view modules/my_fw/manifests/pre.pp @ 335:aa9f570d6a9c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Switch to PHP 7.4 now that NextCloud has reached v18 7.3 only lasted until December 2020 with active support. 7.4 is good until December 2021 with security until 2022.
author IBBoard <dev@ibboard.co.uk>
date Sun, 22 Mar 2020 19:41:50 +0000
parents e36b7f4f85f2
children 11d940c9014e
line wrap: on
line source

class my_fw::pre {
  Firewall {
    require => undef,
  }

  $icmp_proto = $my_fw::ip_version == "IPv6" ? { true => 'ipv6-icmp', default => 'icmp' }
  $localhost = $my_fw::ip_version == "IPv6" ? { true => '::1/128', default => '127.0.0.0/8' }

   # Default firewall rules
  firewall { '000 accept all icmp':
    proto   => $icmp_proto,
    action  => 'accept',
  } ->
  firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  } ->
  firewall { "002 reject local traffic not on loopback interface":
    iniface     => '! lo',
    proto       => 'all',
    destination => $localhost,
    action      => 'reject',
  } ->
  firewall { '003 accept related established rules':
    proto   => 'all',
    state => ['RELATED', 'ESTABLISHED'],
    action  => 'accept',
  }
}