[Mageia-sysadm] [242] add shorewall module

root at mageia.org root at mageia.org
Fri Nov 12 21:38:24 CET 2010


Revision: 242
Author:   boklm
Date:     2010-11-12 21:38:24 +0100 (Fri, 12 Nov 2010)
Log Message:
-----------
add shorewall module

Added Paths:
-----------
    puppet/modules/shorewall/
    puppet/modules/shorewall/files/
    puppet/modules/shorewall/files/footers/
    puppet/modules/shorewall/files/footers/interfaces
    puppet/modules/shorewall/files/footers/policy
    puppet/modules/shorewall/files/footers/rules
    puppet/modules/shorewall/files/footers/zones
    puppet/modules/shorewall/files/headers/
    puppet/modules/shorewall/files/headers/interfaces
    puppet/modules/shorewall/files/headers/policy
    puppet/modules/shorewall/files/headers/rules
    puppet/modules/shorewall/files/headers/zones
    puppet/modules/shorewall/manifests/
    puppet/modules/shorewall/manifests/init.pp

Added: puppet/modules/shorewall/files/footers/interfaces
===================================================================
--- puppet/modules/shorewall/files/footers/interfaces	                        (rev 0)
+++ puppet/modules/shorewall/files/footers/interfaces	2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1 @@
+#LAST LINE -- DO NOT REMOVE

Added: puppet/modules/shorewall/files/footers/policy
===================================================================
--- puppet/modules/shorewall/files/footers/policy	                        (rev 0)
+++ puppet/modules/shorewall/files/footers/policy	2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1 @@
+#LAST LINE -- DO NOT REMOVE

Added: puppet/modules/shorewall/files/footers/rules
===================================================================
--- puppet/modules/shorewall/files/footers/rules	                        (rev 0)
+++ puppet/modules/shorewall/files/footers/rules	2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1 @@
+#LAST LINE -- DO NOT REMOVE

Added: puppet/modules/shorewall/files/footers/zones
===================================================================
--- puppet/modules/shorewall/files/footers/zones	                        (rev 0)
+++ puppet/modules/shorewall/files/footers/zones	2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1 @@
+#LAST LINE -- DO NOT REMOVE

Added: puppet/modules/shorewall/files/headers/interfaces
===================================================================
--- puppet/modules/shorewall/files/headers/interfaces	                        (rev 0)
+++ puppet/modules/shorewall/files/headers/interfaces	2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1,10 @@
+#
+# Shorewall version 4 - Interfaces File
+#
+# For information about entries in this file, type "man shorewall-interfaces"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-interfaces.html
+#
+###############################################################################
+#ZONE	INTERFACE	BROADCAST	OPTIONS

Added: puppet/modules/shorewall/files/headers/policy
===================================================================
--- puppet/modules/shorewall/files/headers/policy	                        (rev 0)
+++ puppet/modules/shorewall/files/headers/policy	2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - Policy File
+#
+# For information about entries in this file, type "man shorewall-policy"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-policy.html
+#
+###############################################################################
+#SOURCE	DEST	POLICY		LOG	LIMIT:		CONNLIMIT:
+#				LEVEL	BURST		MASK

Added: puppet/modules/shorewall/files/headers/rules
===================================================================
--- puppet/modules/shorewall/files/headers/rules	                        (rev 0)
+++ puppet/modules/shorewall/files/headers/rules	2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - Rules File
+#
+# For information on the settings in this file, type "man shorewall-rules"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-rules.html
+#
+####################################################################################################################################################
+#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME
+#							PORT	PORT(S)		DEST		LIMIT		GROUP

Added: puppet/modules/shorewall/files/headers/zones
===================================================================
--- puppet/modules/shorewall/files/headers/zones	                        (rev 0)
+++ puppet/modules/shorewall/files/headers/zones	2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - Zones File
+#
+# For information about this file, type "man shorewall-zones"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-zones.html
+#
+###############################################################################
+#ZONE	TYPE		OPTIONS		IN			OUT
+#					OPTIONS			OPTIONS

Added: puppet/modules/shorewall/manifests/init.pp
===================================================================
--- puppet/modules/shorewall/manifests/init.pp	                        (rev 0)
+++ puppet/modules/shorewall/manifests/init.pp	2010-11-12 20:38:24 UTC (rev 242)
@@ -0,0 +1,102 @@
+class shorewall {
+  include concat::setup
+
+  define shorewallfile () {
+     $filename = "/etc/shorewall/${name}"
+     $header = "puppet:///modules/shorewall/headers/${name}"
+     $footer = "puppet:///modules/shorewall/footers/${name}"
+     concat{$filename:
+	owner => root,
+	group => root,
+	mode => 600,
+     }
+
+     concat::fragment{"${name}_header":
+     	target => $filename,
+	order => 1,
+	source => $header,
+     }
+
+     concat::fragment{"${name}_footer":
+     	target => $filename,
+	order => 99,
+	source => $footer,
+     }
+  }
+
+  ### Rules
+  shorewallfile{ rules: }
+  define rule_line($order = 50) {
+     $filename = "/etc/shorewall/rules"
+     $line = $name
+     concat::fragment{"newline_${name}":
+	target => $filename,
+	order => $order,
+	content => $line,
+     }
+  }
+  class allow_ssh_in {
+     rule_line { "ACCEPT all all tcp 22":
+     	order => 5,
+     }
+  }
+  class allow_dns_in {
+     rule_line { "ACCEPT net fw tcp 53" }
+     rule_line { "ACCEPT net fw udp 53" }
+  }
+  class allow_smtp_in {
+     rule_line { "ACCEPT net fw tcp 25" }
+  }
+  class allow_www_in {
+     rule_line { "ACCEPT net fw tcp 80" }
+  }
+
+  ### Zones
+  shorewallfile{ zones: }
+  define zone_line($order = 50) {
+     $filename = "/etc/shorewall/zones"
+     $line = $name
+     concat::fragment{"newline_${name}":
+	target => $filename,
+	order => $order,
+	content => $line,
+     }
+  }
+  class default_zones {
+     zone_line { "net     ipv4":
+	$order => 2,
+     }
+     zone_line { "fw      firewall":
+	$order => 3,
+     }
+  }
+
+  ### Policy
+  shorewallfile{ policy: }
+  define policy_line($order = 50) {
+     $filename = "/etc/shorewall/policy"
+     $line = $name
+     concat::fragment{"newline_${name}":
+	target => $filename,
+	order => $order,
+	content => $line,
+     }
+  }
+  class default_policy {
+     policy_line{ "fw	net	ACCEPT":
+     	$order => 2,
+     }
+     policy_line{ "net	all	DROP	info":
+     	$order => 3,
+     }
+     policy_line{ "all	all	REJECT	info":
+     	$order => 4,
+     }
+  }
+
+  class default_firewall() {
+     include default_zones
+     include default_policy
+     include allow_ssh_in
+  }
+}
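Review bot: The five `$order => N,` parameters in default_zones and default_policy are written with a variable sigil, which Puppet does not accept as a resource parameter name — compare the correct `order => 5,` in allow_ssh_in — so those two classes will fail to parse, and a host that includes default_firewall ends up with no `net`/`fw` zone definitions and no `net all DROP` policy; each should read `order => 2,` (and 3, 4 respectively). Separately, the SSH rule `ACCEPT all all tcp 22` is broader than the `net fw` form used by every other rule here: on any host with more than the two default zones it also accepts SSH forwarded between zones, so `rule_line { "ACCEPT net fw tcp 22": order => 5 }` matches the apparent intent and the rest of the module. Two smaller points: every fragment's `content => $line` carries no trailing newline, so whether consecutive rules land on separate lines depends on the concat module inserting one between fragments (worth confirming before relying on it), and header/footer files for `interfaces` are added but no `shorewallfile{ interfaces: }` is declared, so `/etc/shorewall/interfaces` is not managed by this module and must come from elsewhere for the `net` zone to be usable.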