Diffstat (limited to 'manifests/config.pp')
-rw-r--r-- | manifests/config.pp | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/manifests/config.pp b/manifests/config.pp
index 8ed0f57..3016c60 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -4,7 +4,6 @@ # @summary This class handles the configuration file. Avoid modifying private classes. # class ferm::config { - # this is a private class assert_private("You're not supposed to do that!") 
@@ -22,51 +21,51 @@ class ferm::config { # copy static files to ferm # on a long term point of view, we want to package this - file{$ferm::configdirectory: + file { $ferm::configdirectory: ensure => 'directory', } - -> file{"${ferm::configdirectory}/definitions": + -> file { "${ferm::configdirectory}/definitions": ensure => 'directory', } - -> file{"${ferm::configdirectory}/chains": + -> file { "${ferm::configdirectory}/chains": ensure => 'directory', } if $ferm::manage_configfile { - concat{$ferm::configfile: + concat { $ferm::configfile: ensure => 'present', } - concat::fragment{'ferm_header.conf': + concat::fragment { 'ferm_header.conf': target => $ferm::configfile, - content => epp("${module_name}/ferm_header.conf.epp", {'configdirectory' => $ferm::configdirectory}), + content => epp("${module_name}/ferm_header.conf.epp", { 'configdirectory' => $ferm::configdirectory }), order => '01', } - concat::fragment{'ferm.conf': + concat::fragment { 'ferm.conf': target => $ferm::configfile, content => epp( "${module_name}/ferm.conf.epp", { 'ip' => $_ip, 'configdirectory' => $ferm::configdirectory, 'preserve_chains_in_tables' => $ferm::preserve_chains_in_tables, - } + } ), order => '50', } } - ferm::chain{'INPUT': + ferm::chain { 'INPUT': policy => $ferm::input_policy, disable_conntrack => $ferm::input_disable_conntrack, log_dropped_packets => $ferm::input_log_dropped_packets, drop_invalid_packets_with_conntrack => $ferm::input_drop_invalid_packets_with_conntrack, } - ferm::chain{'FORWARD': + ferm::chain { 'FORWARD': policy => $ferm::forward_policy, disable_conntrack => $ferm::forward_disable_conntrack, log_dropped_packets => $ferm::forward_log_dropped_packets, } - ferm::chain{'OUTPUT': + ferm::chain { 'OUTPUT': policy => $ferm::output_policy, disable_conntrack => $ferm::output_disable_conntrack, log_dropped_packets => $ferm::output_log_dropped_packets, 
@@ -77,7 +76,7 @@ class ferm::config { # initialize default tables and chains ['PREROUTING', 'OUTPUT'].each |$raw_chain| { - ferm::chain{"raw-${raw_chain}": + ferm::chain { "raw-${raw_chain}": chain => $raw_chain, policy => 'ACCEPT', disable_conntrack => true,
@@ -101,7 +100,7 @@ class ferm::config { $domains = ['ip'] } } - ferm::chain{"nat-${nat_chain}": + ferm::chain { "nat-${nat_chain}": chain => $nat_chain, policy => 'ACCEPT', disable_conntrack => true,
@@ -111,7 +110,7 @@ class ferm::config { } } ['PREROUTING', 'INPUT', 'FORWARD', 'OUTPUT', 'POSTROUTING'].each |$mangle_chain| { - ferm::chain{"mangle-${mangle_chain}": + ferm::chain { "mangle-${mangle_chain}": chain => $mangle_chain, policy => 'ACCEPT', disable_conntrack => true, |