projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
and allow from v6 networks
[mirror/dsa-puppet.git]
/
modules
/
ferm
/
manifests
/
init.pp
diff --git
a/modules/ferm/manifests/init.pp
b/modules/ferm/manifests/init.pp
index
b565a5a
..
a6dcf1e
100644
(file)
--- a/
modules/ferm/manifests/init.pp
+++ b/
modules/ferm/manifests/init.pp
@@
-1,5
+1,5
@@
class ferm {
class ferm {
- define rule($domain="ip", $
chain="INPUT", $rule, $description="", $prio="00"
) {
+ define rule($domain="ip", $
table="filter", $chain="INPUT", $rule, $description="", $prio="00", $notarule=false
) {
file {
"/etc/ferm/dsa.d/${prio}_${name}":
ensure => present,
file {
"/etc/ferm/dsa.d/${prio}_${name}":
ensure => present,
@@
-19,23
+19,27
@@
class ferm {
ulogd: ensure => installed;
}
ulogd: ensure => installed;
}
- file {
+ file {
"/etc/ferm/dsa.d":
ensure => directory,
purge => true,
force => true,
recurse => true,
source => "puppet:///files/empty/",
"/etc/ferm/dsa.d":
ensure => directory,
purge => true,
force => true,
recurse => true,
source => "puppet:///files/empty/",
+ notify => Exec["ferm restart"],
require => Package["ferm"];
require => Package["ferm"];
+ "/etc/ferm":
+ ensure => directory,
+ mode => 0755;
"/etc/ferm/conf.d":
ensure => directory,
require => Package["ferm"];
"/etc/default/ferm":
"/etc/ferm/conf.d":
ensure => directory,
require => Package["ferm"];
"/etc/default/ferm":
- source => "puppet:///ferm/ferm.default",
+ source => "puppet:///
modules/
ferm/ferm.default",
require => Package["ferm"],
notify => Exec["ferm restart"];
"/etc/ferm/ferm.conf":
require => Package["ferm"],
notify => Exec["ferm restart"];
"/etc/ferm/ferm.conf":
- source => "puppet:///ferm/ferm.conf",
+ source => "puppet:///
modules/
ferm/ferm.conf",
require => Package["ferm"],
mode => 0400,
notify => Exec["ferm restart"];
require => Package["ferm"],
mode => 0400,
notify => Exec["ferm restart"];
@@
-54,6
+58,10
@@
class ferm {
require => Package["ferm"],
mode => 0400,
notify => Exec["ferm restart"];
require => Package["ferm"],
mode => 0400,
notify => Exec["ferm restart"];
+ "/etc/logrotate.d/ulogd":
+ source => "puppet:///modules/ferm/logrotate-ulogd",
+ require => Package["debian.org"],
+ ;
}
$munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
}
$munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
@@
-62,11
+70,11
@@
class ferm {
$munin_ips: script => "ip_";
}
$munin_ips: script => "ip_";
}
- case
extractnodeinfo
($nodeinfo, 'buildd') {
-
'true'
: {
+ case
getfromhash
($nodeinfo, 'buildd') {
+
true
: {
file {
"/etc/ferm/conf.d/load_ftp_conntrack.conf":
file {
"/etc/ferm/conf.d/load_ftp_conntrack.conf":
- source => "puppet:///ferm/conntrack_ftp.conf",
+ source => "puppet:///
modules/
ferm/conntrack_ftp.conf",
require => Package["ferm"],
notify => Exec["ferm restart"];
}
require => Package["ferm"],
notify => Exec["ferm restart"];
}