diff options
| author | Tim Meusel <tim@bastelfreak.de> | 2019-08-31 20:28:27 +0200 |
|---|---|---|
| committer | Tim Meusel <tim@bastelfreak.de> | 2019-09-01 12:08:54 +0200 |
| commit | fc5f400d931c7beafeade383210e92d852a645ff (patch) | |
| tree | 46508cb301e8e141c1600d9a5080650ccddca17c /manifests | |
| parent | d6c0df12aa2b09bff70f88d51e7ef62045266095 (diff) | |
| download | puppet-ferm-fc5f400d931c7beafeade383210e92d852a645ff.tar.gz puppet-ferm-fc5f400d931c7beafeade383210e92d852a645ff.tar.bz2 | |
Add Debian 10 support & make configdirectory configureable
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/chain.pp | 8 | ||||
| -rw-r--r-- | manifests/config.pp | 11 | ||||
| -rw-r--r-- | manifests/init.pp | 4 | ||||
| -rw-r--r-- | manifests/rule.pp | 10 |
4 files changed, 19 insertions, 14 deletions
diff --git a/manifests/chain.pp b/manifests/chain.pp index 0a0071a..1198f62 100644 --- a/manifests/chain.pp +++ b/manifests/chain.pp @@ -7,17 +7,17 @@ define ferm::chain ( Ferm::Policies $policy, Boolean $disable_conntrack, Boolean $log_dropped_packets, - Ferm::Chains $chain = $name, + String[1] $chain = $name, ) { # concat resource for the chain $filename = downcase($chain) - concat{"/etc/ferm.d/chains/${chain}.conf": + concat{"${ferm::configdirectory}/chains/${chain}.conf": ensure => 'present', } concat::fragment{"${chain}-policy": - target => "/etc/ferm.d/chains/${chain}.conf", + target => "${ferm::configdirectory}/chains/${chain}.conf", content => epp( "${module_name}/ferm_chain_header.conf.epp", { 'policy' => $policy, @@ -29,7 +29,7 @@ define ferm::chain ( if $log_dropped_packets { concat::fragment{"${chain}-footer": - target => "/etc/ferm.d/chains/${chain}.conf", + target => "${ferm::configdirectory}/chains/${chain}.conf", content => epp("${module_name}/ferm_chain_footer.conf.epp", { 'chain' => $chain }), order => 'zzzzzzzzzzzzzzzzzzzzz', } diff --git a/manifests/config.pp b/manifests/config.pp index 23ed390..88fff15 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -9,13 +9,13 @@ class ferm::config { # copy static files to ferm # on a long term point of view, we want to package this - file{'/etc/ferm.d': + file{$ferm::configdirectory: ensure => 'directory', } - -> file{'/etc/ferm.d/definitions': + -> file{"${ferm::configdirectory}/definitions": ensure => 'directory', } - -> file{'/etc/ferm.d/chains': + -> file{"${ferm::configdirectory}/chains": ensure => 'directory', } @@ -25,7 +25,7 @@ class ferm::config { } concat::fragment{'ferm_header.conf': target => $ferm::configfile, - content => epp("${module_name}/ferm_header.conf.epp"), + content => epp("${module_name}/ferm_header.conf.epp", {'configdirectory' => $ferm::configdirectory}), order => '01', } @@ -33,7 +33,8 @@ class ferm::config { target => $ferm::configfile, content => epp( "${module_name}/ferm.conf.epp", { - 'ip' => $_ip, + 'ip' => $_ip, + 'configdirectory' => $ferm::configdirectory, } ), order => '50', diff --git a/manifests/init.pp b/manifests/init.pp index b70d56d..f1f9aa9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -20,6 +20,9 @@ # @param configfile Path to the config file # Default value: /etc/ferm.conf # Allowed values: Stdlib::Absolutepath +# @param configdirectory Path to the directory where the module stores ferm configuration files +# Default value: /etc/ferm.d or /etc/ferm/ferm.d +# Allowed values: Stdlib::Absolutepath # @param disable_conntrack Disable/Enable the generation of conntrack rules # Default value: false # Allowed values: (true|false) @@ -51,6 +54,7 @@ class ferm ( Boolean $manage_configfile, Boolean $manage_initfile, Stdlib::Absolutepath $configfile, + Stdlib::Absolutepath $configdirectory, Boolean $disable_conntrack, Ferm::Policies $forward_policy, Ferm::Policies $output_policy, diff --git a/manifests/rule.pp b/manifests/rule.pp index bd17245..68e88a2 100644 --- a/manifests/rule.pp +++ b/manifests/rule.pp @@ -11,7 +11,7 @@ # @param interface an Optional interface where this rule should be applied # @param ensure Set the rule to present or absent define ferm::rule ( - Ferm::Chains $chain, + String[1] $chain, Ferm::Policies $policy, Ferm::Protocols $proto, String $comment = $name, @@ -68,28 +68,28 @@ define ferm::rule ( if $interface { unless defined(Concat::Fragment["${chain}-${interface}-aaa"]) { concat::fragment{"${chain}-${interface}-aaa": - target => "/etc/ferm.d/chains/${chain}.conf", + target => "${ferm::configdirectory}/chains/${chain}.conf", content => "interface ${interface} {\n", order => $interface, } } concat::fragment{"${chain}-${interface}-${name}": - target => "/etc/ferm.d/chains/${chain}.conf", + target => "${ferm::configdirectory}/chains/${chain}.conf", content => " ${rule}\n", order => $interface, } unless defined(Concat::Fragment["${chain}-${interface}-zzz"]) { concat::fragment{"${chain}-${interface}-zzz": - target => "/etc/ferm.d/chains/${chain}.conf", + target => "${ferm::configdirectory}/chains/${chain}.conf", content => "}\n", order => $interface, } } } else { concat::fragment{"${chain}-${name}": - target => "/etc/ferm.d/chains/${chain}.conf", + target => "${ferm::configdirectory}/chains/${chain}.conf", content => "${rule}\n", } } |