From c71d16a192e2ae701027408b431d02048988775e Mon Sep 17 00:00:00 2001 From: Fabien COMBERNOUS Date: Thu, 24 Jan 2019 21:40:30 +0100 Subject: permit to choose ipv4, ipv6 or both --- manifests/config.pp | 8 +++++++- manifests/init.pp | 8 ++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) (limited to 'manifests') diff --git a/manifests/config.pp b/manifests/config.pp index 1736fa6..23ed390 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -5,6 +5,8 @@ class ferm::config { # this is a private class assert_private("You're not supposed to do that!") + $_ip = join($ferm::ip_versions, ' ') + # copy static files to ferm # on a long term point of view, we want to package this file{'/etc/ferm.d': @@ -29,7 +31,11 @@ class ferm::config { concat::fragment{'ferm.conf': target => $ferm::configfile, - content => epp("${module_name}/ferm.conf.epp"), + content => epp( + "${module_name}/ferm.conf.epp", { + 'ip' => $_ip, + } + ), order => '50', } } diff --git a/manifests/init.pp b/manifests/init.pp index 82f163c..a8b886d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -2,9 +2,10 @@ # # This class manages ferm installation and rule generation on modern linux systems # -# @example deploy ferm and start it +# @example deploy ferm and start it, on node with only ipv6 enabled # class{'ferm': -# manage_service => true, +# manage_service => true, +# ip_versions => ['ip6'], # } # # @param manage_service Disable/Enable the management of the ferm daemon @@ -40,6 +41,8 @@ # @param input_log_dropped_packets Enable/Disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched # Default value: false # Allowed values: (true|false) +# @param ip_versions Set list of versions of ip we want ot use. +# Default value: ['ip', 'ip6'] class ferm ( Boolean $manage_service, Boolean $manage_configfile, 
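Review bot: `join($ferm::ip_versions, ' ')` in `manifests/config.pp` yields an empty string when `ip_versions` is `[]`, and neither this hunk nor the type added in the `manifests/init.pp` signature hunk (`Array[Enum['ip','ip6']]`) rules that out. The template is not part of this diff, but if `$ip` is used to select the address families the rules apply to, an empty value would presumably render a ferm.conf that fails to load or covers neither family, leaving the node without the intended filtering. I would reject the empty list at the type level with `Array[Enum['ip','ip6'], 1] $ip_versions,` and de-duplicate before joining, `$_ip = join(unique($ferm::ip_versions), ' ')`, so `['ip', 'ip']` does not render a repeated family. The body of `ferm::config` continues outside the hunk.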
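Review bot: The new `@param ip_versions` line in `manifests/init.pp` does not say what happens to an address family that is left out of the list, and it contains a typo (`ot use`). Assuming the template limits the generated rules to the listed families, a node declared with `['ip']` while IPv6 is still enabled on the host would get no ferm rules for its IPv6 traffic, which an operator should be able to read next to the parameter. I would word it as `# @param ip_versions List of IP versions ferm generates rules for; a family not listed gets no rules from this module.` and add `# Allowed values: (ip|ip6)` so the entry matches the other parameters.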
@@ -52,6 +55,7 @@ class ferm (
 Boolean $output_log_dropped_packets,
 Boolean $input_log_dropped_packets,
 Hash $rules,
+ Array[Enum['ip','ip6']] $ip_versions,
 ) {
 contain ferm::install
 contain ferm::config
-- 
cgit v1.2.3
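Review bot: `$ip_versions` is added to the `ferm` signature without a default, so the documented default `['ip', 'ip6']` has to come from module data that this diff (limited to `manifests`) does not show. If that data entry is missing, every existing `class{'ferm': ...}` declaration that does not pass `ip_versions` stops compiling, and a node whose catalog fails keeps whatever firewall configuration it last received. Either confirm the key is added to the module's data in the same commit, or carry the default in the signature: `Array[Enum['ip','ip6']] $ip_versions = ['ip', 'ip6'],`. The class body continues outside the hunk.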