base.pp 2.12 KB
Newer Older
1
class shorewall::base {
2
    package { 'shorewall-shell':
3 4 5 6
        ensure => present,
    }

    # This file has to be managed in place, so shorewall can find it
mh's avatar
mh committed
7 8 9
    file { "/etc/shorewall/shorewall.conf":
      # use OS specific defaults, but use Default if no other is found
      source => [
mh's avatar
mh committed
10 11 12 13 14
            "puppet://$server/modules/site-shorewall/${fqdn}/shorewall.conf.$operatingsystem",
            "puppet://$server/modules/site-shorewall/${fqdn}/shorewall.conf",
            "puppet://$server/modules/site-shorewall/shorewall.conf.$operatingsystem.$lsbdistcodename",
            "puppet://$server/modules/site-shorewall/shorewall.conf.$operatingsystem",
            "puppet://$server/modules/site-shorewall/shorewall.conf",
mh's avatar
mh committed
15 16
            "puppet://$server/modules/shorewall/shorewall.conf.$operatingsystem.$lsbdistcodename",
            "puppet://$server/modules/shorewall/shorewall.conf.$operatingsystem",
17
            "puppet://$server/modules/shorewall/shorewall.conf"
18
        ],
19
        require => Package[shorewall-shell],
20
        notify => Service[shorewall],
mh's avatar
mh committed
21 22
        owner => root, group => 0, mode => 0644;
    }
23

mh's avatar
mh committed
24
    service{shorewall:
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
        ensure  => running,
        enable  => true,
        hasstatus => true,
        hasrestart => true,
        subscribe => [
            Exec["concat_/var/lib/puppet/modules/shorewall/zones"],
            Exec["concat_/var/lib/puppet/modules/shorewall/interfaces"],
            Exec["concat_/var/lib/puppet/modules/shorewall/hosts"],
            Exec["concat_/var/lib/puppet/modules/shorewall/policy"],
            Exec["concat_/var/lib/puppet/modules/shorewall/rules"],
            Exec["concat_/var/lib/puppet/modules/shorewall/masq"],
            Exec["concat_/var/lib/puppet/modules/shorewall/proxyarp"],
            Exec["concat_/var/lib/puppet/modules/shorewall/nat"],
            Exec["concat_/var/lib/puppet/modules/shorewall/blacklist"],
            Exec["concat_/var/lib/puppet/modules/shorewall/rfc1918"],
            Exec["concat_/var/lib/puppet/modules/shorewall/routestopped"],
            Exec["concat_/var/lib/puppet/modules/shorewall/params"]
        ],
43
        require => Package[shorewall-shell],
44 45
    }
}