authorTim Meusel <tim@bastelfreak.de>2019-07-03 20:42:10 +0200
committerGitHub <noreply@github.com>2019-07-03 20:42:10 +0200
commit92bfbfed2e47ef3ff857623c5c5accda42dbf195 (patch)
treeb0825b3475046cc96bba090e9b232c942ea09023
parent537a0b31a53b1a6eb0dac2fb9487a192159f0b74 (diff)
parent821a95b24dace808e546e685371b25988afd2396 (diff)
Merge pull request #47 from bastelfreak/header
add `managed by puppet` header to template
-rw-r--r--files/ferm.conf38
-rw-r--r--templates/ferm_chain_header.conf.epp1
2 files changed, 1 insertions, 38 deletions
diff --git a/files/ferm.conf b/files/ferm.conf
deleted file mode 100644
index 27eea58..0000000
--- a/files/ferm.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-# -*- shell-script -*-
-#
-# Ferm example script
-#
-# Firewall configuration for a workstation which accepts remote ssh login.
-#
-# Author: Max Kellermann <max@duempel.org>
-#
-
-table filter {
- chain INPUT {
- policy DROP;
-
- # connection tracking
- mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
-
- # allow local connections
- interface lo ACCEPT;
-
- # respond to ping
- proto icmp icmp-type echo-request ACCEPT;
-
- # allow SSH connections
- proto tcp dport ssh ACCEPT;
-
- # ident connections are also allowed
- proto tcp dport auth ACCEPT;
-
- # the rest is dropped by the above policy
- }
-
- # outgoing connections are not limited
- chain OUTPUT policy ACCEPT;
-
- # this is not a router
- chain FORWARD policy DROP;
-}
diff --git a/templates/ferm_chain_header.conf.epp b/templates/ferm_chain_header.conf.epp
index e2c30e6..f94b18d 100644
--- a/templates/ferm_chain_header.conf.epp
+++ b/templates/ferm_chain_header.conf.epp
@@ -1,6 +1,7 @@
<%- | Ferm::Policies $policy,
Boolean $disable_conntrack,
| -%>
+# THIS FILE IS MANAGED BY PUPPET
# Default policy for this chain
policy <%= $policy %>;