From fb82fa42e3c61c6adce3da457d1a4e15208b0683 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Tue, 29 Sep 2009 20:11:52 +0200
Subject: improve rule handling possiblities

they can now be set to absent as well

introduce 2 outgoing ssh rules to either
disable or remove the entry at all
---
 manifests/rules/out/ssh/disable.pp | 5 +++++
 manifests/rules/out/ssh/remove.pp  | 5 +++++
 2 files changed, 10 insertions(+)
 create mode 100644 manifests/rules/out/ssh/disable.pp
 create mode 100644 manifests/rules/out/ssh/remove.pp

(limited to 'manifests/rules/out/ssh')

diff --git a/manifests/rules/out/ssh/disable.pp b/manifests/rules/out/ssh/disable.pp
new file mode 100644
index 0000000..223bf73
--- /dev/null
+++ b/manifests/rules/out/ssh/disable.pp
@@ -0,0 +1,5 @@
+class shorewall::rules::out::ssh::disable inherits shorewall::rules::out::ssh {
+  Shorewall::Rule['me-net-tcp_ssh']{
+    action => 'DROP',
+  }
+}
diff --git a/manifests/rules/out/ssh/remove.pp b/manifests/rules/out/ssh/remove.pp
new file mode 100644
index 0000000..bc0acf3
--- /dev/null
+++ b/manifests/rules/out/ssh/remove.pp
@@ -0,0 +1,5 @@
+class shorewall::rules::out::ssh::remove inherits shorewall::rules::out::ssh {
+  Shorewall::Rule['me-net-tcp_ssh']{
+    ensure => absent,
+  }
+}
-- 
cgit v1.2.3