aboutsummaryrefslogtreecommitdiff
path: root/manifests
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2013-08-25 18:44:45 +0200
committermh <mh@immerda.ch>2015-12-05 11:34:54 +0100
commit1d1a46aa9e16de851c88e76b033e1a1aa00e8c2c (patch)
treebf38f5069b5f32c1b3565a68c249564fac69b255 /manifests
parent3df8cae233b50bd836eeb347c13efe22f771573c (diff)
downloadpuppet-shorewall-1d1a46aa9e16de851c88e76b033e1a1aa00e8c2c.tar.gz
puppet-shorewall-1d1a46aa9e16de851c88e76b033e1a1aa00e8c2c.tar.bz2
make it easier to override behaviour of the dns rules
Diffstat (limited to 'manifests')
-rw-r--r--manifests/rules/dns.pp20
-rw-r--r--manifests/rules/dns/disable.pp7
-rw-r--r--manifests/rules/dns_rules.pp22
3 files changed, 30 insertions, 19 deletions
diff --git a/manifests/rules/dns.pp b/manifests/rules/dns.pp
index 99311ca..e775eee 100644
--- a/manifests/rules/dns.pp
+++ b/manifests/rules/dns.pp
@@ -1,18 +1,6 @@
+# open dns port
class shorewall::rules::dns {
- shorewall::rule {
- 'net-me-tcp_dns':
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '53',
- order => 240,
- action => 'ACCEPT';
- 'net-me-udp_dns':
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '53',
- order => 240,
- action => 'ACCEPT';
- }
+ shorewall::rules::dns_rules{
+ 'net':
+ }
}
diff --git a/manifests/rules/dns/disable.pp b/manifests/rules/dns/disable.pp
index 36541da..7de923b 100644
--- a/manifests/rules/dns/disable.pp
+++ b/manifests/rules/dns/disable.pp
@@ -1,5 +1,6 @@
+# disable dns acccess
class shorewall::rules::dns::disable inherits shorewall::rules::dns {
- Shorewall::Rule['net-me-tcp_dns', 'net-me-udp_dns']{
- action => 'DROP',
- }
+ Shorewall::Rules::Dns_rules['net']{
+ action => 'DROP',
+ }
}
diff --git a/manifests/rules/dns_rules.pp b/manifests/rules/dns_rules.pp
new file mode 100644
index 0000000..abe0eb5
--- /dev/null
+++ b/manifests/rules/dns_rules.pp
@@ -0,0 +1,22 @@
+# open dns port
+define shorewall::rules::dns_rules(
+ $source = $name,
+ $action = 'ACCEPT',
+) {
+ shorewall::rule {
+ "${source}-me-tcp_dns":
+ source => $source,
+ destination => '$FW',
+ proto => 'tcp',
+ destinationport => '53',
+ order => 240,
+ action => $action;
+ "${source}-me-udp_dns":
+ source => $source,
+ destination => '$FW',
+ proto => 'udp',
+ destinationport => '53',
+ order => 240,
+ action => $action;
+ }
+}