1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
# defined resource which creates all rules for one chain
# @param policy Set the default policy for a CHAIN
# @param disable_conntrack Disable/Enable usage of conntrack
# @param chain Name of the chain that should be managed
# @param log_dropped_packets Enable/Disable logging of packets to the kernel log, if no explicit chain matched
define ferm::chain (
Ferm::Policies $policy,
Boolean $disable_conntrack,
Boolean $log_dropped_packets,
Ferm::Chains $chain = $name,
) {
# concat resource for the chain
$filename = downcase($chain)
concat{"/etc/ferm.d/chains/${chain}.conf":
ensure => 'present',
}
concat::fragment{"${chain}-policy":
target => "/etc/ferm.d/chains/${chain}.conf",
content => epp(
"${module_name}/ferm_chain_header.conf.epp", {
'policy' => $policy,
'disable_conntrack' => $disable_conntrack,
}
),
order => '01',
}
if $log_dropped_packets {
concat::fragment{"${chain}-footer":
target => "/etc/ferm.d/chains/${chain}.conf",
content => epp("${module_name}/ferm_chain_footer.conf.epp", { 'chain' => $chain }),
order => 'zzzzzzzzzzzzzzzzzzzzz',
}
}
}
|
