-rw-r--r-- | REFERENCE.md | 8 | ||||
-rwxr-xr-x | files/ferm | 95 | ||||
-rw-r--r-- | manifests/init.pp | 2 | ||||
-rw-r--r-- | manifests/install.pp | 10 | ||||
-rw-r--r-- | spec/classes/ferm_spec.rb | 10 |
5 files changed, 0 insertions, 125 deletions
diff --git a/REFERENCE.md b/REFERENCE.md index 4092bc1..5b91153 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -94,14 +94,6 @@ Disable/Enable the management of the ferm default config Default value: ``false`` -##### `manage_initfile` - -Data type: `Boolean` - -Disable/Enable the management of the ferm init script for RedHat-based OS - -Default value: ``false`` - ##### `configfile` Data type: `Stdlib::Absolutepath` diff --git a/files/ferm b/files/ferm deleted file mode 100755 index fc2001d..0000000 --- a/files/ferm +++ /dev/null 
@@ -1,95 +0,0 @@ -#!/bin/sh - -# ----------------------------------------------------------------------------- -# ------------------------[ MANAGED BY PUPPET ]-------------------------------- -# ----------------------------------------------------------------------------- -# -# ferm Configure ferm firewall rules from /etc/ferm.conf -# -# Inspired by Max Kellermann <max@duempel.org> -# -# Version: $Revision: 001 $ -### BEGIN INIT INFO -# Provides: ferm -# Required-Start: $network $remote_fs -# Required-Stop: $network $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Description: Starts ferm firewall configuration -# short-description: ferm firewall configuration -### END INIT INFO - -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -FERM=/usr/sbin/ferm -CONFIG=/etc/ferm.conf -NAME=ferm -DESC="firewall" - -test -x "${FERM}" || exit 0 -test -f "${CONFIG}" || exit 0 - -# shellcheck disable=SC1091 -[ -r /etc/sysconfig/ferm ] && . /etc/sysconfig/ferm - -lockfile=/var/lock/subsys/$NAME - -umask 0077 - -FAST=${FAST:-yes} -OPTIONS="${OPTIONS}" - -set -e - -# shellcheck disable=SC2086 -configure_ferm() { - if [ "${FAST}" = "yes" ]; then - ${FERM} ${OPTIONS} ${CONFIG} || return ${?} - else - ${FERM} ${OPTIONS} --slow ${CONFIG} || return ${?} - fi -} - -case "${1}" in - start|reload|restart|force-reload) - # shellcheck disable=SC2039 - echo -n "${1}ing ${DESC}" "${NAME}" - configure_ferm - RETVAL=$? - if [ $RETVAL -eq 0 ]; then - touch $lockfile - echo " ... ok." - else - echo "... failed!" - fi - exit $RETVAL - ;; - stop) - # shellcheck disable=SC2039 - echo -n "stopping ${DESC}" "${NAME}" - OPTIONS="${OPTIONS} --flush" - configure_ferm - RETVAL=$? - if [ $RETVAL -eq 0 ]; then - rm -f $lockfile - echo " ... ok." - else - echo "... failed!" - fi - exit $RETVAL - ;; - status) - if [ -f $lockfile ]; then - echo "${NAME} has configured iptables rules." - else - echo "${NAME} has NOT configured iptables rules." 
- exit 1 - fi - ;; - *) - N=/etc/init.d/${NAME} - echo "Usage: ${N} {start|stop|restart|reload|force-reload|status}" - exit 1 - ;; -esac - -exit 0 diff --git a/manifests/init.pp b/manifests/init.pp index 0484995..9317fbf 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -29,7 +29,6 @@ # # @param manage_service Disable/Enable the management of the ferm daemon # @param manage_configfile Disable/Enable the management of the ferm default config -# @param manage_initfile Disable/Enable the management of the ferm init script for RedHat-based OS # @param configfile Path to the config file # @param configdirectory Path to the directory where the module stores ferm configuration files # @param forward_disable_conntrack Enable/Disable the generation of conntrack rules for the FORWARD chain @@ -55,7 +54,6 @@ class ferm ( Stdlib::Absolutepath $configdirectory, Boolean $manage_service = false, Boolean $manage_configfile = false, - Boolean $manage_initfile = false, Boolean $forward_disable_conntrack = true, Boolean $output_disable_conntrack = true, Boolean $input_disable_conntrack = false, diff --git a/manifests/install.pp b/manifests/install.pp index c61a194..c27cedf 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -42,14 +42,4 @@ class ferm::install { fail("unexpected install_method ${ferm::install_method}") } } - - if $ferm::manage_initfile { - if $facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['major'], '6') <= 0 { - file { '/etc/init.d/ferm': - ensure => 'file', - mode => '0755', - source => "puppet:///modules/${module_name}/ferm", - } - } - } } diff --git a/spec/classes/ferm_spec.rb b/spec/classes/ferm_spec.rb index d400a7b..b134368 100644 --- a/spec/classes/ferm_spec.rb +++ b/spec/classes/ferm_spec.rb 
@@ -80,17 +80,7 @@ describe 'ferm' do it { is_expected.to contain_concat__fragment('mangle-OUTPUT-config-include') } it { is_expected.to contain_concat__fragment('mangle-POSTROUTING-config-include') } end - context 'with managed initfile' do - let :params do - { manage_initfile: true } - end - if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6 - it { is_expected.to contain_file('/etc/init.d/ferm') } - else - it { is_expected.not_to contain_file('/etc/init.d/ferm') } - end - end context 'it creates chains' do it { is_expected.to contain_concat__fragment('raw-PREROUTING-policy') } it { is_expected.to contain_concat__fragment('raw-OUTPUT-policy') } |