view modules/my_fw/manifests/pre.pp @ 242:7d8e664ebcc9 puppet-3.6

Change owner/group on Nextcloud for easy upgrade. We now prevent Apache from writing to files using SELinux, so it is secure during normal operation but can be upgraded through the web app by disabling SELinux.
author IBBoard <dev@ibboard.co.uk>
date Fri, 20 Dec 2019 15:17:43 +0000
parents 222904296578
children e36b7f4f85f2

# Baseline rules for the front of the firewall rule set.
#
# Declares four `firewall` resources, chained with `->` so they are applied in
# title order (000 to 003):
#   000 - accept ICMP
#   001 - accept anything arriving on the loopback interface
#   002 - reject traffic addressed to 127.0.0.1/8 that arrives on any
#         interface other than lo
#   003 - accept packets in RELATED or ESTABLISHED state
#
# NOTE(review): no `chain` or `provider` is set here, so the rules land
# wherever the firewall type's defaults (or defaults set elsewhere in the
# manifests) put them - presumably the IPv4 INPUT chain. Confirm whether IPv6
# traffic needs an equivalent set of rules.
class my_fw::pre {
  # Clear any inherited `require` default for the firewall resources declared
  # in this class. Presumably a site-wide Firewall default makes every rule
  # depend on this class, which the rules inside it must not inherit -
  # confirm against the manifest that sets that default.
  Firewall {
    require => undef,
  }

  # Default firewall rules

  # NOTE(review): this accepts every ICMP type. If policy calls for a tighter
  # baseline, one rule per required type (via the `icmp` attribute) is the
  # usual narrowing; blocking ICMP outright tends to break path MTU discovery.
  firewall { '000 accept all icmp':
    action => 'accept',
    proto  => 'icmp',
  } ->

  # Local services talking to each other over lo are always allowed.
  firewall { '001 accept all to lo interface':
    action  => 'accept',
    iniface => 'lo',
    proto   => 'all',
  } ->

  # Loopback-addressed packets must never arrive from a real interface, so
  # anything that does is rejected before the broader accept rule below.
  firewall { '002 reject local traffic not on loopback interface':
    action      => 'reject',
    destination => '127.0.0.1/8',
    iniface     => '! lo',
    proto       => 'all',
  } ->

  # Traffic belonging to, or related to, a connection that is already tracked
  # is accepted here; new inbound connections are not matched by this rule.
  firewall { '003 accept related established rules':
    action => 'accept',
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
  }
}