# realize (i.e. enable) all @ferm::rule virtual resources
Ferm::Rule <| |>
- package { ferm: ensure => installed }
+ package {
+ ferm: ensure => installed;
+ ulogd: ensure => installed;
+ }
file {
"/etc/ferm/dsa.d":
"/etc/ferm/conf.d":
ensure => directory,
require => Package["ferm"];
+ "/etc/default/ferm":
+ source => "puppet:///ferm/ferm.default",
+ require => Package["ferm"],
+ notify => Exec["ferm restart"];
"/etc/ferm/ferm.conf":
source => "puppet:///ferm/ferm.conf",
require => Package["ferm"],
mode => 0400,
notify => Exec["ferm restart"];
"/etc/ferm/conf.d/defs.conf":
- source => "puppet:///ferm/defs.conf",
+ content => template("ferm/defs.conf.erb"),
+ require => Package["ferm"],
+ mode => 0400,
+ notify => Exec["ferm restart"];
+ "/etc/ferm/conf.d/interfaces.conf":
+ content => template("ferm/interfaces.conf.erb"),
require => Package["ferm"],
mode => 0400,
notify => Exec["ferm restart"];
}
- ferm::rule { "dsa-drop":
- domain => "(ip ip6)",
- description => "Drop everything else",
- prio => "99",
- rule => "jump log_or_drop"
- }
+ $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
+ activate_munin_check {
+ $munin_ips: script => "ip_";
+ }
exec { "ferm restart":
command => "/etc/init.d/ferm restart",
}
}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
projects / dsa-puppet.git / blobdiff