From a2bea19ddf88b6abe62fe70650751c238826b028 Mon Sep 17 00:00:00 2001
From: Stephen Gran
Date: Sat, 20 Feb 2010 14:08:50 +0000
Subject: [PATCH] bare start of ferm rules

Signed-off-by: Stephen Gran
---
modules/ferm/manifests/init.pp | 28 ++++++++++++++++++++++++++++
modules/ferm/templates/ferm-rule.erb | 10 ++++++++++
modules/ferm/templates/me.conf.erb | 0
3 files changed, 38 insertions(+)
create mode 100644 modules/ferm/manifests/init.pp
create mode 100644 modules/ferm/templates/ferm-rule.erb
create mode 100644 modules/ferm/templates/me.conf.erb
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
new file mode 100644
index 00000000..d97e1816
--- /dev/null
+++ b/modules/ferm/manifests/init.pp
@@ -0,0 +1,28 @@
+class ferm {
+ define ferm_rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
+ file { "/etc/ferm/dsa.d/${prio}_${name}":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0600,
+ content => template("ferm/ferm-rule.erb"),
+ }
+ }
+
+ package { ferm: ensure => installed }
+
+ file {
+ "/etc/ferm/dsa.d":
+ ensure => directory,
+ require => Package["ferm"];
+ "/etc/ferm/dsa.d/me.conf":
+ content => template("ferm/me.conf.erb"),
+ require => Package["ferm"],
+ notify => Exec["ferm restart"];
+ }
+
+ exec { "ferm restart":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true,
+ }
+}
diff --git a/modules/ferm/templates/ferm-rule.erb b/modules/ferm/templates/ferm-rule.erb
new file mode 100644
index 00000000..b3e637a8
--- /dev/null
+++ b/modules/ferm/templates/ferm-rule.erb
@@ -0,0 +1,10 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+domain <%= domain %> {
+ chain <%= chain %> {
+ <%= rule %>;
+ }
+}
diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
new file mode 100644
index 00000000..e69de29b
--
2.39.2
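Review bot: In modules/ferm/manifests/init.pp the file resource inside `ferm_rule` has no `notify`, so a new or changed rule file under /etc/ferm/dsa.d is written to disk but nothing in this class triggers `Exec["ferm restart"]`; only me.conf does. The running firewall can therefore differ from what the manifests declare until an unrelated restart. Add `notify => Exec["ferm restart"],` next to `content => template("ferm/ferm-rule.erb"),`. The `/etc/ferm/dsa.d` directory resource also sets no owner or mode and does not purge unmanaged files, so a rule dropped from the manifests would presumably stay on disk; consider `owner => root, group => root, mode => 0700, purge => true, recurse => true` there.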
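Review bot: In modules/ferm/templates/ferm-rule.erb the `description` parameter that `ferm_rule` accepts is never rendered, so the generated file carries no hint of why the rule exists; add a line such as `# <%= description %>` above the `domain` block (keeping descriptions to a single line, since a newline would end the comment). `domain`, `chain` and `rule` are also written verbatim, so a value containing `}` or `;` changes the structure of the file ferm loads. Validating `domain` and `chain` in the define against the values actually used (for example `ip`/`ip6` and the built-in chain names) would catch such mistakes before they reach the firewall.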