Restrict ssh to anycast and static mirrors
[mirror/dsa-puppet.git] / modules / ferm / manifests / rule.pp
1 define ferm::rule (
2         $rule,
3         $domain='ip',
4         $table='filter',
5         $chain='INPUT',
6         $description='',
7         $prio='00',
8         $notarule=false
9 ) {
10
11         include ferm
12
13         file {
14                 "/etc/ferm/dsa.d/${prio}_${name}":
15                         ensure  => present,
16                         mode    => '0400',
17                         content => template('ferm/ferm_rule.erb'),
18                         notify  => Service['ferm'],
19         }
20 }