# Defined type: each instance writes one ferm rule snippet to
# /etc/ferm/dsa.d/<prio>_<title>. $rule has no default, so every caller must
# supply it; $domain defaults to "ip", $chain to "INPUT" and $prio to "00".
# NOTE(review): this listing is an excerpt (the gutter numbers skip lines), so
# the closing braces and any owner/group/mode attributes are not visible here.
2 define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
# The file name is built from $prio and the resource title with no validation
# in the visible lines. NOTE(review): confirm callers only pass plain names
# (no "/" or ".."), since the result lands in the firewall config directory.
3 file { "/etc/ferm/dsa.d/${prio}_${name}":
# The snippet body comes from the ferm-rule.erb template; presumably it
# renders $domain, $chain, $rule and $description -- template not shown, confirm.
8 content => template("ferm/ferm-rule.erb"),
# Any change to the snippet triggers the "ferm restart" exec.
9 notify => Exec["ferm restart"],
# Install the ferm package; the file resources in this manifest order
# themselves after it with require => Package["ferm"].
# ensure => installed only guarantees presence; it does not pin or upgrade
# the package version.
13 package { ferm: ensure => installed }
# NOTE(review): the resource header and the titles of the first two entries
# fall on lines missing from this excerpt; only their require lines remain.
18 require => Package["ferm"];
21 require => Package["ferm"];
# Main ferm configuration, copied as-is from the module's file server path.
22 "/etc/ferm/ferm.conf":
23 source => "puppet:///ferm/ferm.conf",
24 require => Package["ferm"],
# A changed config triggers the "ferm restart" exec. NOTE(review): nothing in
# the visible lines validates the new config before the restart; confirm the
# exec (its command is not shown) fails safe on a syntax error so the host
# keeps its intended ruleset.
25 notify => Exec["ferm restart"];
# Second config file, rendered from me.conf.erb (template not shown;
# presumably host-specific values -- confirm).
26 "/etc/ferm/conf.d/me.conf":
27 content => template("ferm/me.conf.erb"),
28 require => Package["ferm"],
# Same restart trigger as ferm.conf above.
29 notify => Exec["ferm restart"];
# Declare the SSH allow rule through ferm::rule (presumably the `rule` define
# in this manifest). No prio, domain or chain is passed in the visible lines,
# so that define's defaults ("00", "ip", "INPUT") would apply unless the
# omitted lines set them.
32 ferm::rule { "dsa-ssh":
33 description => "Allow SSH from DSA",
# Matches new TCP connections to the ssh port and hands them to a subchain
# named 'ssh', which ACCEPTs only when the source address is in $SSH_SOURCES.
# The backslash stops Puppet from interpolating $SSH_SOURCES, so the literal
# variable name reaches ferm.
# NOTE(review): $SSH_SOURCES is defined outside this excerpt, and what happens
# to sources not in the list depends on policy not shown here -- confirm the
# chain ends in DROP/REJECT and that the source list is kept narrow.
34 rule => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_SOURCES) ACCEPT; }"
37 exec { "ferm restart":
38 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",