diff options
Diffstat (limited to 'manifests/init.pp')
-rw-r--r-- | manifests/init.pp | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/manifests/init.pp b/manifests/init.pp new file mode 100644 index 0000000..17ebeff --- /dev/null +++ b/manifests/init.pp @@ -0,0 +1,55 @@ +# Class: ferm +# +# This class manages ferm installation and rule generation on modern linux systems +# +# @example deploy ferm and start it +# class{'ferm': +# manage_service => true, +# } +# +# @param manage_service [Boolean] disable/enable the management of the ferm daemon +# Default value: false +# Allowed values: (true|false) +# @param manage_configfile [Boolean] disable/enable the management of the ferm default config +# Default value: false +# Allowed values: (true|false) +# @param configfile [Stdlib::Absolutepath] path to the config file +# Default value: /etc/ferm.conf +# Allowed values: Stdlib::Absolutepath +# @param forward_policy [Ferm::Policies] default policy for the FORWARD chain +# Default value: DROP +# Allowed values: (ACCEPT|DROP|REJECT) +# @param output_policy [Ferm::Policies] default policy for the OUTPUT chain +# Default value: ACCEPT +# Allowed values: (ACCEPT|DROP|REJECT) +# @param input_policy [Ferm::Policies] default policy for the INPUT chain +# Default value: DROP +# Allowed values: (ACCEPT|DROP|REJECT) +# @param rules a hash that holds all data for ferm::rule +# Default value: Empty Hash +# Allowed value: Any Hash +class ferm ( + Boolean $manage_service, + Boolean $manage_configfile, + Stdlib::Absolutepath $configfile, + Ferm::Policies $forward_policy, + Ferm::Policies $output_policy, + Ferm::Policies $input_policy, + Hash $rules, +) { + contain ferm::install + contain ferm::config + contain ferm::service + + Class['ferm::install'] + -> Class['ferm::config'] + ~> Class['ferm::service'] + + $rules.each |$rulename, $attributes| { + ferm::rule{$rulename: + * => $attributes, + } + } + # import all exported resources with ferm rules for this node + Ferm::Rule <<| tag == $trusted['certname'] |>> +} |