From: Stephen Gran Date: Sat, 20 Feb 2010 14:08:50 +0000 (+0000) Subject: bare start of ferm rules X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=a2bea19ddf88b6abe62fe70650751c238826b028;p=mirror%2Fdsa-puppet.git bare start of ferm rules Signed-off-by: Stephen Gran
---
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
new file mode 100644
index 000000000..d97e1816a
--- /dev/null
+++ b/modules/ferm/manifests/init.pp
@@ -0,0 +1,28 @@
+class ferm {
+ define ferm_rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
+ file { "/etc/ferm/dsa.d/${prio}_${name}":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0600,
+ content => template("ferm/ferm-rule.erb"),
+ }
+ }
+
+ package { ferm: ensure => installed }
+
+ file {
+ "/etc/ferm/dsa.d":
+ ensure => directory,
+ require => Package["ferm"];
+ "/etc/ferm/dsa.d/me.conf":
+ content => template("ferm/me.conf.erb"),
+ require => Package["ferm"],
+ notify => Exec["ferm restart"];
+ }
+
+ exec { "ferm restart":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true,
+ }
+}
diff --git a/modules/ferm/templates/ferm-rule.erb b/modules/ferm/templates/ferm-rule.erb
new file mode 100644
index 000000000..b3e637a8e
--- /dev/null
+++ b/modules/ferm/templates/ferm-rule.erb
@@ -0,0 +1,10 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+domain <%= domain %> {
+ chain <%= chain %> {
+ <%= rule %>;
+ }
+}
diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
new file mode 100644
index 000000000..e69de29bb
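Review bot: The `file` resource inside `ferm_rule` has no `notify`, so adding or changing a rule file under /etc/ferm/dsa.d does not trigger `Exec["ferm restart"]`; only me.conf does. A tightened rule would then sit on disk without being loaded until something else restarts ferm. I would add `notify => Exec["ferm restart"],` to that file resource. The `/etc/ferm/dsa.d` directory is also not purged, so a rule dropped from the manifests stays on the host; `recurse => true, purge => true,` on the directory would remove it, assuming nothing outside Puppet is expected to write there.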
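Review bot: `description` is a parameter of `ferm_rule` in init.pp, but this template never emits it, so the generated file says nothing about why the rule exists. Consider adding `# <%= description %>` above the `domain` line. `domain`, `chain` and `rule` are written out verbatim, so a value containing a brace or a stray `;` changes the structure of the generated file. A comment on the define stating that `rule` must be one ferm statement without the trailing semicolon would help callers.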