let's see if this works
diff --git
a/modules/ferm/manifests/init.pp
b/modules/ferm/manifests/init.pp
index
d97e181
..
a8798c8
100644
(file)
--- a/
modules/ferm/manifests/init.pp
+++ b/
modules/ferm/manifests/init.pp
@@
-1,5
+1,5
@@
class ferm {
class ferm {
- define
ferm_
rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
+ define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
file { "/etc/ferm/dsa.d/${prio}_${name}":
ensure => present,
owner => root,
file { "/etc/ferm/dsa.d/${prio}_${name}":
ensure => present,
owner => root,
@@
-15,12
+15,21
@@
class ferm {
"/etc/ferm/dsa.d":
ensure => directory,
require => Package["ferm"];
"/etc/ferm/dsa.d":
ensure => directory,
require => Package["ferm"];
- "/etc/ferm/dsa.d/me.conf":
+ "/etc/ferm/conf.d":
+ ensure => directory,
+ require => Package["ferm"];
+ "/etc/ferm/conf.d/me.conf":
content => template("ferm/me.conf.erb"),
require => Package["ferm"],
notify => Exec["ferm restart"];
}
content => template("ferm/me.conf.erb"),
require => Package["ferm"],
notify => Exec["ferm restart"];
}
+ ferm::rule { "dsa-ssh":
+ description => "Allow SSH from DSA",
+ rule => "proto tcp dport ssh ACCEPT"
+ }
+
+ ferm_rule(
exec { "ferm restart":
path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
refreshonly => true,
exec { "ferm restart":
path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
refreshonly => true,
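Review bot: The new `ferm::rule { "dsa-ssh": ... }` is described as "Allow SSH from DSA", but its rule string `proto tcp dport ssh ACCEPT` has no source match, so as written it would accept SSH from any address unless the rule template (not visible here) adds a restriction. If access is meant to be limited, name the sources in the rule, e.g. `rule => "proto tcp dport ssh saddr (<DSA_SOURCE_ADDRESSES>) ACCEPT"` (placeholder value), or change the description to say the port is open to everyone. Separately, the added line `ferm_rule(` just before `exec { "ferm restart":` looks like an unterminated leftover and will most likely stop the manifest from parsing, so the firewall files would not be managed at all; drop it. The `exec` block continues past the end of the hunk.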