X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Finit.pp;h=b997d60899012e86fbaf05e51e8e8fd14db8af09;hb=fd6b464b0da569ba84e2f260a666c257b5773f93;hp=f5dd60f73fb68cb54f7e1d92bc9c8ff2951ce416;hpb=3f4c8bcf77868067a3705262d9d2ca440994e8a5;p=mirror%2Fdsa-puppet.git diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp index f5dd60f73..b997d6089 100644 --- a/modules/ferm/manifests/init.pp +++ b/modules/ferm/manifests/init.pp @@ -13,7 +13,10 @@ class ferm { # realize (i.e. enable) all @ferm::rule virtual resources Ferm::Rule <| |> - package { ferm: ensure => installed } + package { + ferm: ensure => installed; + ulogd: ensure => installed; + } file { "/etc/ferm/dsa.d": @@ -26,6 +29,10 @@ class ferm { "/etc/ferm/conf.d": ensure => directory, require => Package["ferm"]; + "/etc/default/ferm": + source => "puppet:///ferm/ferm.default", + require => Package["ferm"], + notify => Exec["ferm restart"]; "/etc/ferm/ferm.conf": source => "puppet:///ferm/ferm.conf", require => Package["ferm"], @@ -37,19 +44,22 @@ class ferm { mode => 0400, notify => Exec["ferm restart"]; "/etc/ferm/conf.d/defs.conf": - source => "puppet:///ferm/defs.conf", + content => template("ferm/defs.conf.erb"), + require => Package["ferm"], + mode => 0400, + notify => Exec["ferm restart"]; + "/etc/ferm/conf.d/interfaces.conf": + content => template("ferm/interfaces.conf.erb"), require => Package["ferm"], mode => 0400, notify => Exec["ferm restart"]; } - ferm::rule { - domain => "(ip ip6)", - description => "Drop everything else", - prio => "99", - rule => "jump log_or_drop" - } + $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',') + activate_munin_check { + $munin_ips: script => "ip_"; + } exec { "ferm restart": command => "/etc/init.d/ferm restart",