-rw-r--r-- | files/shorewall.conf.Default (renamed from files/shorewall.conf.Gentoo.) | 0 | ||||
-rw-r--r-- | manifests/init.pp | 36 |
2 files changed, 27 insertions, 9 deletions
diff --git a/files/shorewall.conf.Gentoo. b/files/shorewall.conf.Default index 411d7dd..411d7dd 100644 --- a/files/shorewall.conf.Gentoo. +++ b/files/shorewall.conf.Default diff --git a/manifests/init.pp b/manifests/init.pp index a766b23..0ec363b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -29,13 +29,29 @@ class shorewall { } - service { shorewall: ensure => running, enable => true, } + service { shorewall: + ensure => running, + enable => true, + subscribe => [ + Exec[concat_zones], + Exec[concat_interfaces], + Exec[concat_hosts], + Exec[concat_policy], + Exec[concat_rules], + Exec[concat_masq], + Exec[concat_proxyarp], + Exec[concat_nat], + Exec[concat_blacklist], + Exec[concat_rfc1918], + Exec[concat_routestopped], + ], + } file { "/var/lib/puppet/modules/shorewall": ensure => directory, force => true, - mode => 0755, owner => root, group => root; + mode => 0755, owner => root, group => 0; } # private @@ -46,7 +62,7 @@ class shorewall { "${dir}": ensure => directory, force => true, - mode => 0755, owner => root, group => root; + mode => 0755, owner => root, group => 0; } @@ -57,11 +73,11 @@ class shorewall { file { "${dir}/000-header": source => "puppet://$servername/shorewall/boilerplate/${name}.header", - mode => 0600, owner => root, group => root, + mode => 0600, owner => root, group => 0, notify => Exec["concat_${dir}"]; "${dir}/999-footer": source => "puppet://$servername/shorewall/boilerplate/${name}.footer", - mode => 0600, owner => root, group => root, + mode => 0600, owner => root, group => 0, notify => Exec["concat_${dir}"]; } } 
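Review bot: The `subscribe` list added to `service { shorewall: }` makes every change to a concatenated file restart the firewall, and nothing visible in the hunk validates the assembled configuration before that restart. A bad fragment could make the refresh fail and, depending on the shorewall version, leave the host in its stopped state instead of on the previous ruleset; a checked restart on the service, such as `restart => "shorewall check && shorewall restart",`, would guard against that. The same applies to the `notify => Service[shorewall]` added on `/etc/shorewall/shorewall.conf` in the last hunk. The list is also hard-coded, so a managed file introduced later will not trigger a restart unless it is appended here. The `Exec` definitions are outside the hunk, so their titles should be confirmed to match `concat_zones` and the rest, given that the file resources notify `Exec["concat_${dir}"]`.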
@@ -72,19 +88,21 @@ class shorewall { $dir = dirname($target) file { $target: content => "${line}\n", - mode => 0600, owner => root, group => root, + mode => 0600, owner => root, group => 0, notify => Exec["concat_${dir}"], } } # This file has to be managed in place, so shorewall can find it file { "/etc/shorewall/shorewall.conf": - # use OS specific defaults, but use gentoo if no other is found + # use OS specific defaults, but use Default if no other is found source => [ "puppet://$servername/shorewall/shorewall.conf.$operatingsystem.$lsbdistcodename", "puppet://$servername/shorewall/shorewall.conf.$operatingsystem", - "puppet://$servername/shorewall/shorewall.conf.Gentoo." ], - mode => 0644, owner => root, group => root, + "puppet://$servername/shorewall/shorewall.conf.Default", + ], + mode => 0644, owner => root, group => 0, + notify => Service[shorewall], } # See http://www.shorewall.net/3.0/Documentation.htm#Zones |
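Review bot: The fallback `shorewall.conf.Default` is the former Gentoo file renamed without any content change (the index line shows `411d7dd..411d7dd`), so hosts on an unrecognised OS still receive Gentoo-derived firewall settings under a name that suggests a neutral baseline. The comment above `source` should say so, for example `# use OS specific defaults; Default is the former Gentoo config, review it before relying on it elsewhere`. The class body continues outside the hunk, so whether other resources depend on the old file name cannot be checked from here.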