Mercurial > repos > other > Puppet
view modules/my_fw/manifests/pre.pp @ 242:7d8e664ebcc9 puppet-3.6
Change owner/group on Nextcloud for easy upgrade
We now prevent Apache writing to files using SELinux, so it is
secure during normal operation but can be upgraded through
the web app by disabling SELinux
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Fri, 20 Dec 2019 15:17:43 +0000 |
parents | 222904296578 |
children | e36b7f4f85f2 |
line wrap: on
line source
class my_fw::pre { Firewall { require => undef, } # Default firewall rules firewall { '000 accept all icmp': proto => 'icmp', action => 'accept', } -> firewall { '001 accept all to lo interface': proto => 'all', iniface => 'lo', action => 'accept', } -> firewall { "002 reject local traffic not on loopback interface": iniface => '! lo', proto => 'all', destination => '127.0.0.1/8', action => 'reject', } -> firewall { '003 accept related established rules': proto => 'all', state => ['RELATED', 'ESTABLISHED'], action => 'accept', } }