From 079a8e915b73b5a969fa4882eba9fe5c814bf4d9 Mon Sep 17 00:00:00 2001
From: mh
Date: Thu, 21 Oct 2010 00:12:20 +0200
Subject: introduce parametrized class for ports so we can pass the ports from the sshd module
---
 manifests/rules/ssh.pp | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/manifests/rules/ssh.pp b/manifests/rules/ssh.pp
index f587259..0eebcb4 100644
--- a/manifests/rules/ssh.pp
+++ b/manifests/rules/ssh.pp
@@ -1,10 +1,11 @@
-class shorewall::rules::ssh {
- shorewall::rule { 'net-me-tcp_ssh':
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => 'ssh',
- order => 240,
- action => 'ACCEPT';
- }
+class shorewall::rules::ssh($ports) {
+ $flatted_ports = join($ports,',')
+ shorewall::rule { 'net-me-tcp_ssh':
+ source => 'net',
+ destination => '$FW',
+ proto => 'tcp',
+ destinationport => $flatted_ports,
+ order => 240,
+ action => 'ACCEPT';
+ }
 }
-- 
cgit v1.2.3
From a1739cacce6c17e9244c3c6d5b5838e331265490 Mon Sep 17 00:00:00 2001
From: Andreas
Date: Thu, 21 Oct 2010 18:55:32 -0500
Subject: shorewall tinc rules
---
 manifests/rules/tinc.pp | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 manifests/rules/tinc.pp
diff --git a/manifests/rules/tinc.pp b/manifests/rules/tinc.pp
new file mode 100644
index 0000000..d244ceb
--- /dev/null
+++ b/manifests/rules/tinc.pp
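Review bot: `$ports` reaches `destinationport` in `manifests/rules/ssh.pp` with no check on its shape or content, so an empty array makes `$flatted_ports` an empty string. How `shorewall::rule` renders an empty port column is not visible here, but if it comes out blank the ACCEPT from `net` to `$FW` may no longer be limited to the SSH ports. I would fail early, e.g. `if $flatted_ports == '' { fail('shorewall::rules::ssh: $ports must not be empty') }`. A comment above the class should also say that `$ports` is an array of ports supplied by the sshd module, since `join()` is called on it unconditionally.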
@@ -0,0 +1,34 @@
+class shorewall::rules::tinc {
+ shorewall::rule { 'net-me-tinc-tcp':
+ source => 'net',
+ destination => '$FW',
+ proto => 'tcp',
+ destinationport => '655',
+ order => 240,
+ action => 'ACCEPT';
+ }
+ shorewall::rule { 'me-net-tinc-tcp':
+ source => '$FW',
+ destination => 'net',
+ proto => 'tcp',
+ destinationport => '655',
+ order => 240,
+ action => 'ACCEPT';
+ }
+ shorewall::rule { 'net-me-tinc-udp':
+ source => 'net',
+ destination => '$FW',
+ proto => 'tcp',
+ destinationport => '655',
+ order => 240,
+ action => 'ACCEPT';
+ }
+ shorewall::rule { 'me-net-tinc-udp':
+ source => '$FW',
+ destination => 'net',
+ proto => 'tcp',
+ destinationport => '655',
+ order => 240,
+ action => 'ACCEPT';
+ }
+}
-- 
cgit v1.2.3
From 60dcbae4afae245ceaf28dd91309f0a54d74f997 Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 22 Oct 2010 22:05:23 +0200
Subject: add identd rules
---
 manifests/rules/identd.pp | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 manifests/rules/identd.pp
diff --git a/manifests/rules/identd.pp b/manifests/rules/identd.pp
new file mode 100644
index 0000000..719e581
--- /dev/null
+++ b/manifests/rules/identd.pp
@@ -0,0 +1,10 @@
+class shorewall::rules::identd {
+ shorewall::rule { 'net-me-identd-tcp':
+ source => 'net',
+ destination => '$FW',
+ proto => 'tcp',
+ destinationport => '113',
+ order => 240,
+ action => 'ACCEPT';
+ }
+}
-- 
cgit v1.2.3
From 2e9d8ed388bc20693888f74ae704022ebf4a9900 Mon Sep 17 00:00:00 2001
From: Andreas
Date: Fri, 22 Oct 2010 19:36:38 -0500
Subject: error tcp instead of udp
---
 manifests/rules/tinc.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/manifests/rules/tinc.pp b/manifests/rules/tinc.pp
index d244ceb..79cf92e 100644
--- a/manifests/rules/tinc.pp
+++ b/manifests/rules/tinc.pp
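Review bot: The rules titled `net-me-tinc-udp` and `me-net-tinc-udp` in the new `manifests/rules/tinc.pp` both set `proto => 'tcp'`, so they repeat the two TCP rules and UDP 655 stays closed in both directions. Each should read `proto => 'udp',`; commit 2e9d8ed further down this page makes that change. A title that disagrees with its `proto` is easy to miss in a firewall manifest, so a one-line comment above the class such as `# tinc VPN: tcp/655 and udp/655, both directions, net zone` would make the intent checkable.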
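Review bot: `shorewall::rules::identd` has no comment saying when it should be included, and it accepts tcp/113 from the whole `net` zone. Ident (RFC 1413) answers with the local user that owns a TCP connection, so that exposure is worth stating where the rule is defined. I would add `# Accept ident (RFC 1413) queries on tcp/113 from net; include only on hosts that need to answer ident lookups.` above the class.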
@@ -18,7 +18,7 @@ class shorewall::rules::tinc {
 shorewall::rule { 'net-me-tinc-udp':
 source => 'net',
 destination => '$FW',
- proto => 'tcp',
+ proto => 'udp',
 destinationport => '655',
 order => 240,
 action => 'ACCEPT';
@@ -26,7 +26,7 @@ class shorewall::rules::tinc {
 shorewall::rule { 'me-net-tinc-udp':
 source => '$FW',
 destination => 'net',
- proto => 'tcp',
+ proto => 'udp',
 destinationport => '655',
 order => 240,
 action => 'ACCEPT';
-- 
cgit v1.2.3
From d0d76dc943e3521e706918e23f20bb85f5c4c1b8 Mon Sep 17 00:00:00 2001
From: mh
Date: Thu, 4 Nov 2010 19:31:55 +0100
Subject: add silc rules
---
 manifests/rules/out/silc.pp | 19 +++++++++++++++++++
 manifests/rules/silcd.pp | 19 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 manifests/rules/out/silc.pp
 create mode 100644 manifests/rules/silcd.pp
diff --git a/manifests/rules/out/silc.pp b/manifests/rules/out/silc.pp
new file mode 100644
index 0000000..830df9c
--- /dev/null
+++ b/manifests/rules/out/silc.pp
@@ -0,0 +1,19 @@
+class shorewall::rules::out::silc {
+ shorewall::rule{
+ 'me-net-silc-tcp':
+ source => '$FW',
+ destination => 'net',
+ proto => 'tcp',
+ destinationport => '706',
+ order => 240,
+ action => 'ACCEPT';
+ 'me-net-silc-udp':
+ source => '$FW',
+ destination => 'net',
+ proto => 'udp',
+ destinationport => '706',
+ order => 240,
+ action => 'ACCEPT';
+
+ }
+}
diff --git a/manifests/rules/silcd.pp b/manifests/rules/silcd.pp
new file mode 100644
index 0000000..91ee4a5
--- /dev/null
+++ b/manifests/rules/silcd.pp
@@ -0,0 +1,19 @@
+class shorewall::rules::silcd {
+ shorewall::rule{
+ 'net-me-silcd-tcp':
+ source => 'net',
+ destination => '$FW',
+ proto => 'tcp',
+ destinationport => '706',
+ order => 240,
+ action => 'ACCEPT';
+ 'net-me-silcd-udp':
+ source => 'net',
+ destination => '$FW',
+ proto => 'udp',
+ destinationport => '706',
+ order => 240,
+ action => 'ACCEPT';
+
+ }
+}
-- 
cgit v1.2.3
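Review bot: `manifests/rules/silcd.pp` accepts both tcp/706 and udp/706 from `net`, and `manifests/rules/out/silc.pp` mirrors that outbound, but nothing in the commit says that the UDP half is needed. As far as I know SILC sessions run over TCP, so please confirm that silcd actually listens on UDP before opening it inbound. If it does not, drop the `net-me-silcd-udp` and `me-net-silc-udp` resources so the firewall accepts only what the daemon uses. Both files also carry a stray blank line before the closing brace of the `shorewall::rule` block.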