Mercurial > repos > other > Puppet

view modules/my_fw/manifests/init.pp @ 471:65290cb0cec2 default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tidy up SSH firewall handling We can be generic while referencing private values for specific ports
author IBBoard <dev@ibboard.co.uk>
date Sun, 12 May 2024 19:51:53 +0100
parents 66c406eec60d
children
line wrap: on
line source

class my_fw ($ip_version) {
  $real_ensure_v4 = $ip_version == "IPv6" ? { true => 'stopped', default => 'running'}
  $real_ensure_v6 = $ip_version == "IPv6" ? { true => 'running', default => 'stopped'}
  case $::operatingsystem {
    'CentOS': {
      $ensure_v4 = $real_ensure_v4
      $ensure_v6 = $real_ensure_v6
    }
    # Ubuntu doesn't understand IPv4 vs IPv6
    'Ubuntu': {
      $ensure_v4 = ($real_ensure_v4 == 'running' or $real_ensure_v6 == 'running') ? { true => 'running', default => 'stopped' }
      $ensure_v6 = undef
    }
  }
  Firewall <| |> {
    provider => $ip_version == "IPv6" ? { true => 'ip6tables', default => 'iptables'},
  }
  class { ['my_fw::pre', 'my_fw::post']: }
  class { 'firewall':
    ensure => $ensure_v4,
    ensure_v6 => $ensure_v6,
  }
}