fuck, really, stop
authorStephen Gran <steve@lobefin.net>
Mon, 18 Jan 2010 23:15:17 +0000 (23:15 +0000)
committerStephen Gran <steve@lobefin.net>
Mon, 18 Jan 2010 23:15:17 +0000 (23:15 +0000)
Signed-off-by: Stephen Gran <steve@lobefin.net>
modules/ferm/files/defs.conf [deleted file]
modules/ferm/files/ferm.conf [deleted file]
modules/ferm/manifests/init.pp [deleted file]
modules/ferm/templates/ferm-rule.erb [deleted file]

diff --git a/modules/ferm/files/defs.conf b/modules/ferm/files/defs.conf
deleted file mode 100644 (file)
index 36cd5d4..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-@def &SERVICE($proto, $port) = {
-       domain (ip ip6) chain INPUT proto $proto dport $port ACCEPT;
-}
-
-@def &V4_SERVICE($proto, $port) = {
-       domain ip chain INPUT proto $proto dport $port ACCEPT;
-}
-
-@def &V6_SERVICE($proto, $port) = {
-       domain ip6 chain INPUT proto $proto dport $port ACCEPT;
-}
-
-@def &V4_SERVICE_RANGE($proto, $port, $srange) = {
-       domain ip chain INPUT proto $proto dport $port saddr $srange ACCEPT;
-}
-
-@def &V6_SERVICE_RANGE($proto, $port, $srange) = {
-       domain ip6 chain INPUT proto $proto dport $port saddr $srange ACCEPT;
-}
-
-@def $HOST_MUNIN  = (192.25.206.57 192.25.206.33);
-@def $HOST_NAGIOS = (192.25.206.57 192.25.206.33);
diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
deleted file mode 100644 (file)
index 6cd911f..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-# include some ferm definitions, useful for adding function to abstract stuff
-@include 'defs.conf';
-
-# a simple default and fairly secure policy
-domain (ip ip6) {
-       chain INPUT {
-               policy DROP;
-               mod state state (ESTABLISHED RELATED) ACCEPT;
-               interface lo ACCEPT;
-               proto tcp mod state state NEW !syn DROP;
-               proto icmp ACCEPT;
-       }
-}
-
-# per-host configuration
-@include 'conf.d/';
-
-# managed via puppet
-@include 'dsa.d/';
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
deleted file mode 100644 (file)
index adf1fc8..0000000
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-
-class ferm {
-       package { "ferm" :
-               ensure          => installed,
-       }
-
-       file { "/etc/ferm/dsa.d" :
-               ensure          => directory,
-               owner           => root,
-               group           => root,
-               mode            => 0700,
-               require         => Package["ferm"],
-       }
-
-       file { "/etc/ferm/conf.d" :
-               ensure          =>directory,
-               owner           => root,
-               group           => root,
-               mode            => 0700,
-               require         => Package["ferm"],
-       }
-
-       file { "/etc/ferm/ferm.conf" :
-               ensure          => present,
-               owner           => root,
-               group           => root,
-               mode            => 0600,
-               require         => Package["ferm"],
-               notify          => Exec["ferm reload"],
-               source          => "puppet:///ferm/ferm.conf",
-       }
-
-       file { "/etc/ferm/defs.conf" :
-               ensure          => present,
-               owner           => root,
-               group           => root,
-               mode            => 0600,
-               require         => Package["ferm"],
-               notify          => Exec["ferm reload"],
-               source          => "puppet:///ferm/defs.conf",
-       }
-
-       exec { "ferm reload":
-               path            => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
-               refreshonly     => true,
-       }
-
-       # used as, e.g.:
-       # ferm::rule { "dsa-ssh":
-       #       description     => "Allow SSH from DSA",
-       #       rule            => "proto tcp dport ssh saddr 1.2.3.4 ACCEPT"
-       # }
-       define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
-               file { "/etc/ferm/dsa.d/${prio}_${name}":
-                       ensure  => present,
-                       owner   => root,
-                       group   => root,
-                       mode    => 0600,
-                       content => template("ferm/ferm-rule.erb"),
-               }
-       }
-}
diff --git a/modules/ferm/templates/ferm-rule.erb b/modules/ferm/templates/ferm-rule.erb
deleted file mode 100644 (file)
index b3e637a..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-domain <%= domain %> {
-        chain <%= chain %> {
-                <%= rule %>;
-        }
-}