# Basic configuration inspired by
# http://ferm.foo-projects.org/download/examples/workstation.ferm
class firewall::implementations::ferm::tpc {
  # Currently conflicting with the stdlib and concat module's versions in use
  #ferm::rule{ "allow-local-tcp":
  #  chain     => 'INPUT',
  #  action    => 'ACCEPT',
  #  proto     => 'tcp',
  #  interface => 'lo',
  #  ensure    => 'present',
  #}

  # Currently conflicting with the stdlib and concat module's versions in use
  #ferm::rule{ "allow-local-udp":
  #  chain     => 'INPUT',
  #  action    => 'ACCEPT',
  #  proto     => 'udp',
  #  interface => 'lo',
  #  ensure    => 'present',
  #}

  file { '/etc/ferm/ferm.conf':
    ensure  => present,
    owner   => root,
    group   => adm,
    mode    => '0644',
    require => Package['ferm'],
    notify  => Service['ferm'],
    source  => [
                 "puppet:///modules/firewall/ferm/ferm.conf.tpc",
                 "puppet:///modules/firewall/ferm/ferm.conf.${::hostname}",
                 "puppet:///modules/site_firewall/ferm/ferm.conf.tpc",
                 "puppet:///modules/site_firewall/ferm/ferm.conf.${::hostname}",
               ],
  }
}