--- /dev/null
+class ferm {
+ define ferm_rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
+ file { "/etc/ferm/dsa.d/${prio}_${name}":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0600,
+ content => template("ferm/ferm-rule.erb"),
+ }
+ }
+
+ package { ferm: ensure => installed }
+
+ file {
+ "/etc/ferm/dsa.d":
+ ensure => directory,
+ require => Package["ferm"];
+ "/etc/ferm/dsa.d/me.conf":
+ content => template("ferm/me.conf.erb"),
+ require => Package["ferm"],
+ notify => Exec["ferm restart"];
+ }
+
+ exec { "ferm restart":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true,
+ }
+}
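Review bot: The file resource inside `ferm_rule` (the `/etc/ferm/dsa.d/${prio}_${name}` block) has no `notify`, so a rule added or changed through this define is written to disk but the running firewall is not reloaded until `me.conf` happens to change or ferm is restarted by hand. Adding `notify => Exec["ferm restart"],` and `require => File["/etc/ferm/dsa.d"],` to that resource would keep the loaded ruleset in step with what Puppet manages and ensure the directory exists first. The `/etc/ferm/dsa.d` directory is declared without `purge => true, recurse => true`, so a rule file whose `ferm_rule` is later dropped from the manifests would presumably stay on disk and still be picked up on the next restart; purging unmanaged files closes that gap. `me.conf` also takes default owner and mode, unlike the rule files' explicit root/0600, and would be better given the same explicit `owner`, `group` and `mode`.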