aboutsummaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2012-06-06 01:19:34 -0300
committermh <mh@immerda.ch>2012-06-06 01:19:34 -0300
commit5f5482a2084029382a10058a287ff85c8c16c7ac (patch)
tree2e4c6f2fe63e525935133685b6341928ac3f7885 /README
parentce27d7cd097c0e2267be494b9988efe91b87165f (diff)
downloadpuppet-shorewall-5f5482a2084029382a10058a287ff85c8c16c7ac.tar.gz
puppet-shorewall-5f5482a2084029382a10058a287ff85c8c16c7ac.tar.bz2
fix for new style for 2.7
Diffstat (limited to 'README')
-rw-r--r--README111
1 files changed, 55 insertions, 56 deletions
diff --git a/README b/README
index feac7fc..77a845c 100644
--- a/README
+++ b/README
@@ -21,8 +21,9 @@ Example
Example from node.pp:
node xy {
- $shorewall_startup="0" # create shorewall ruleset but don't startup
- include config::site-shorewall
+ class{'config::site_shorewall':
+ startup => "0" # create shorewall ruleset but don't startup
+ }
shorewall::rule {
'incoming-ssh': source => 'all', destination => '$FW', action => 'SSH/ACCEPT', order => 200;
'incoming-puppetmaster': source => 'all', destination => '$FW', action => 'Puppetmaster/ACCEPT', order => 300;
@@ -32,62 +33,60 @@ node xy {
}
-class config::site-shorewall {
- include shorewall
-
- # If you want logging:
- #shorewall::params {
- # 'LOG': value => 'debug';
- # 'MAILSERVER': value => $shorewall_mailserver;
- #}
-
- shorewall::zone {'net':
- type => 'ipv4';
- }
-
- shorewall::rule_section { 'NEW':
- order => 100;
- }
-
- case $shorewall_rfc1918_maineth {
- '': {$shorewall_rfc1918_maineth = true }
- }
-
- case $shorewall_main_interface {
- '': { $shorewall_main_interface = 'eth0' }
- }
-
- shorewall::interface {"$shorewall_main_interface":
- zone => 'net',
- rfc1918 => $shorewall_rfc1918_maineth,
- options => 'tcpflags,blacklist,nosmurfs';
- }
-
- shorewall::policy {
- 'fw-to-fw':
- sourcezone => '$FW',
- destinationzone => '$FW',
- policy => 'ACCEPT',
- order => 100;
- 'fw-to-net':
- sourcezone => '$FW',
- destinationzone => 'net',
- policy => 'ACCEPT',
- shloglevel => '$LOG',
- order => 110;
- 'net-to-fw':
- sourcezone => 'net',
- destinationzone => '$FW',
- policy => 'DROP',
- shloglevel => '$LOG',
- order => 120;
- }
+class config::site_shorewall($startup = '1') {
+ class{'shorewall':
+ startup => $startup
+ }
+
+ # If you want logging:
+ #shorewall::params {
+ # 'LOG': value => 'debug';
+ #}
+
+ shorewall::zone {'net':
+ type => 'ipv4';
+ }
+
+ shorewall::rule_section { 'NEW':
+ order => 100;
+ }
+
+ $shorewall_main_interface hiera('shorewall_main_interface','eth0')
+ shorewall::interface { $shorewall_main_interface:
+ zone => 'net',
+ rfc1918 => hiera('shorewall_rfc1918_maineth',true)
+ options => 'tcpflags,blacklist,nosmurfs';
+ }
+
+ shorewall::policy {
+ 'fw-to-fw':
+ sourcezone => '$FW',
+ destinationzone => '$FW',
+ policy => 'ACCEPT',
+ order => 100;
+ 'fw-to-net':
+ sourcezone => '$FW',
+ destinationzone => 'net',
+ policy => 'ACCEPT',
+ shloglevel => '$LOG',
+ order => 110;
+ 'net-to-fw':
+ sourcezone => 'net',
+ destinationzone => '$FW',
+ policy => 'DROP',
+ shloglevel => '$LOG',
+ order => 120;
+ }
- # default Rules : ICMP
- shorewall::rule { 'allicmp-to-host': source => 'all', destination => '$FW', order => 200, action => 'AllowICMPs/ACCEPT';
- }
-
+ # default Rules : ICMP
+ shorewall::rule {
+ 'allicmp-to-host':
+ source => 'all',
+ destination => '$FW',
+ order => 200,
+ action => 'AllowICMPs/ACCEPT';
+ }
}