diff options
| author | intrigeri <intrigeri@boum.org> | 2010-12-11 11:37:25 +0100 |
|---|---|---|
| committer | intrigeri <intrigeri@boum.org> | 2010-12-11 11:37:25 +0100 |
| commit | b68b1d90015967d9527365b1d2727283934a30db (patch) | |
| tree | bc771aaf6a68a556724ecab5df8ee38b232d4870 | |
| parent | f79bf97ec82e8adcf002ca6834b0df66f28e61f2 (diff) | |
| parent | d0d76dc943e3521e706918e23f20bb85f5c4c1b8 (diff) | |
| download | puppet-shorewall-b68b1d90015967d9527365b1d2727283934a30db.tar.gz puppet-shorewall-b68b1d90015967d9527365b1d2727283934a30db.tar.bz2 | |
Merge remote branch 'immerda/master'
| -rw-r--r-- | manifests/rules/identd.pp | 10 | ||||
| -rw-r--r-- | manifests/rules/out/silc.pp | 19 | ||||
| -rw-r--r-- | manifests/rules/silcd.pp | 19 | ||||
| -rw-r--r-- | manifests/rules/ssh.pp | 19 | ||||
| -rw-r--r-- | manifests/rules/tinc.pp | 34 |
5 files changed, 92 insertions, 9 deletions
diff --git a/manifests/rules/identd.pp b/manifests/rules/identd.pp new file mode 100644 index 0000000..719e581 --- /dev/null +++ b/manifests/rules/identd.pp @@ -0,0 +1,10 @@ +class shorewall::rules::identd { + shorewall::rule { 'net-me-identd-tcp': + source => 'net', + destination => '$FW', + proto => 'tcp', + destinationport => '113', + order => 240, + action => 'ACCEPT'; + } +} diff --git a/manifests/rules/out/silc.pp b/manifests/rules/out/silc.pp new file mode 100644 index 0000000..830df9c --- /dev/null +++ b/manifests/rules/out/silc.pp @@ -0,0 +1,19 @@ +class shorewall::rules::out::silc { + shorewall::rule{ + 'me-net-silc-tcp': + source => '$FW', + destination => 'net', + proto => 'tcp', + destinationport => '706', + order => 240, + action => 'ACCEPT'; + 'me-net-silc-udp': + source => '$FW', + destination => 'net', + proto => 'udp', + destinationport => '706', + order => 240, + action => 'ACCEPT'; + + } +} diff --git a/manifests/rules/silcd.pp b/manifests/rules/silcd.pp new file mode 100644 index 0000000..91ee4a5 --- /dev/null +++ b/manifests/rules/silcd.pp @@ -0,0 +1,19 @@ +class shorewall::rules::silcd { + shorewall::rule{ + 'net-me-silcd-tcp': + source => 'net', + destination => '$FW', + proto => 'tcp', + destinationport => '706', + order => 240, + action => 'ACCEPT'; + 'net-me-silcd-udp': + source => 'net', + destination => '$FW', + proto => 'udp', + destinationport => '706', + order => 240, + action => 'ACCEPT'; + + } +} diff --git a/manifests/rules/ssh.pp b/manifests/rules/ssh.pp index f587259..0eebcb4 100644 --- a/manifests/rules/ssh.pp +++ b/manifests/rules/ssh.pp @@ -1,10 +1,11 @@ -class shorewall::rules::ssh { - shorewall::rule { 'net-me-tcp_ssh': - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => 'ssh', - order => 240, - action => 'ACCEPT'; - } +class shorewall::rules::ssh($ports) { + $flatted_ports = join($ports,',') + shorewall::rule { 'net-me-tcp_ssh': + source => 'net', + destination => '$FW', + proto => 'tcp', + destinationport => $flatted_ports, + order => 240, + action => 'ACCEPT'; + } } diff --git a/manifests/rules/tinc.pp b/manifests/rules/tinc.pp new file mode 100644 index 0000000..79cf92e --- /dev/null +++ b/manifests/rules/tinc.pp @@ -0,0 +1,34 @@ +class shorewall::rules::tinc { + shorewall::rule { 'net-me-tinc-tcp': + source => 'net', + destination => '$FW', + proto => 'tcp', + destinationport => '655', + order => 240, + action => 'ACCEPT'; + } + shorewall::rule { 'me-net-tinc-tcp': + source => '$FW', + destination => 'net', + proto => 'tcp', + destinationport => '655', + order => 240, + action => 'ACCEPT'; + } + shorewall::rule { 'net-me-tinc-udp': + source => 'net', + destination => '$FW', + proto => 'udp', + destinationport => '655', + order => 240, + action => 'ACCEPT'; + } + shorewall::rule { 'me-net-tinc-udp': + source => '$FW', + destination => 'net', + proto => 'udp', + destinationport => '655', + order => 240, + action => 'ACCEPT'; + } +} |