From aa20908dec614095d098dad36e9e9563bdd83cd5 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sun, 29 Sep 2019 16:13:55 +0200
Subject: [PATCH] puppet rule to create an empty ferm chain

---
 modules/ferm/manifests/rule/chain.pp | 32 ++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 modules/ferm/manifests/rule/chain.pp

diff --git a/modules/ferm/manifests/rule/chain.pp b/modules/ferm/manifests/rule/chain.pp
new file mode 100644
index 000000000..7675b509d
--- /dev/null
+++ b/modules/ferm/manifests/rule/chain.pp
@@ -0,0 +1,32 @@
+# Create an (empty) chain
+#
+# @param domain netfilter domain: ip (IPv4), ip6 (IPv6), or both.
+# @param table netfilter table
+# @param chain netfilter chain
+# @param description a description of the rule
+# @param prio Priority/Order of the rule
+define ferm::rule::chain (
+ String $chain,
+ String $description = '',
+ Variant[Enum['ip', 'ip6'], Array[Enum['ip', 'ip6']]] $domain = ['ip', 'ip6'],
+ String $table = 'filter',
+ String $prio = '10',
+) {
+ include ferm
+
+ $real_domain = Array($domain, true)
+
+ file {
+ "/etc/ferm/dsa.d/${prio}_${name}":
+ ensure => 'present',
+ mode => '0400',
+ notify => Exec['ferm reload'],
+ content => inline_template( @(EOF) ),
+ domain (<%= @real_domain.join(' ') %>) {
+ table <%= @table %> {
+ chain <% @chain %> {}
+ }
+ }
+ | EOF
+ }
+}
--
2.20.1
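Review bot: The chain name is never rendered: `chain <% @chain %> {}` uses the ERB execution tag, which evaluates `@chain` and discards the result, so the file written under /etc/ferm/dsa.d contains `chain  {}` and ferm is handed a chain keyword with no name, which it will presumably reject at reload; it should be `chain <%= @chain %> {}`. `$description` is declared and documented but never used in the body, so either drop it or emit it as a comment line at the top of the rendered file. Since `$chain`, `$table` and `$prio` are interpolated unescaped into a root-loaded ferm configuration and `$prio`/`$name` into the file path, constraining them beyond `String` — e.g. `Pattern[/\A[A-Za-z0-9_-]+\z/]` for `$chain` and `$prio`, and an `Enum` of the netfilter tables for `$table` — would turn a stray `;`, `}` or `/` in a caller's value into a catalog failure rather than a broken or unintended firewall load.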