chris
puppet-shorewall
Commits
4da1590e
Commit
4da1590e
authored
Feb 13, 2017
by
Micah
Merge branch '5.x-2' into 'master'
5.x changes part 2 See merge request !8
parents
054ccc9e
4b3f8eac
Changes
11
README.md
...
...
@@ -186,8 +186,7 @@ Example from node.pp:
shorewall::interface { 'eth0':
zone => 'net',
rfc1918 => true,
options => 'tcpflags,blacklist,nosmurfs';
options => 'tcpflags,nosmurfs';
}
shorewall::policy {
...
...
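--- a/files/boilerplate/blacklist.footer
+++ /dev/null
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE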
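--- a/files/boilerplate/blacklist.header
+++ /dev/null
-#
-# Shorewall version 3.4 - Blacklist File
-#
-# For information about entries in this file, type "man shorewall-blacklist"
-#
-# Please see http://shorewall.net/blacklisting_support.htm for additional
-# information.
-#
-###############################################################################
-#ADDRESS/SUBNET PROTOCOL PORT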
files/boilerplate/params.header
...
...
@@ -13,7 +13,7 @@
#
# NET_IF=eth0
# NET_BCAST=130.252.100.255
# NET_OPTIONS=routefilter
,norfc1918
# NET_OPTIONS=routefilter
#
# Example (/etc/shorewall/interfaces record):
#
...
...
@@ -21,6 +21,6 @@
#
# The result will be the same as if the record had been written
#
# net eth0 130.252.100.255 routefilter
,norfc1918
# net eth0 130.252.100.255 routefilter
#
###############################################################################
files/boilerplate/started.header
#
# Shorewall
version 4 - S
tarted
File
# Shorewall
-- /etc/shorewall/s
tarted
#
# /etc/shorewall/started
# Add commands below that you want to be executed after shorewall has
# been completely started, reloaded or restarted. The difference between
# this extension script and /etc/shorewall/start is that this one is
# invoked after the 'shorewall' chain has been created (thus
# signaling that the firewall is completely up).
#
# Add commands below that you want to be executed after shorewall has
# been completely started or restarted. The difference between this
# extension script and /etc/shorewall/start is that this one is invoked
# after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
# after the 'shorewall' chain has been created (thus signaling that the
# firewall is completely up).
#
# This script should not change the firewall configuration directly but
# may do so indirectly by running /sbin/shorewall with the 'nolock'
# option.
# This script should not change the firewall configuration directly but
# may do so indirectly by running /sbin/shorewall with the 'nolock'
# option.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
manifests/blacklist.pp
deleted
100644 → 0
define
shorewall::blacklist
(
$proto
=
'-'
,
$port
=
'-'
,
$order
=
'100'
){
shorewall::entry
{
"blacklist-
${order}
-
${name}
"
:
line
=>
"
${name}
${proto}
${port}
"
,
}
}
manifests/blrules.pp
...
...
@@ -4,12 +4,11 @@
#
# shorewall::interface { 'br0':
# zone => 'net',
# rfc1918 => true,
# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
# options => 'tcpflags,nosmurfs,routeback,bridge';
# }
#
# class { 'shorewall::blrules':
# options => 'tcpflags,
blacklist,
nosmurfs,routeback,bridge',
# options => 'tcpflags,nosmurfs,routeback,bridge',
# whitelists => [
# "net:10.0.0.1,192.168.0.1 all",
# ],
...
...
manifests/host.pp
define
shorewall::host
(
$zone
,
$options
=
'tcpflags
,blacklist,norfc1918
'
,
$options
=
'tcpflags'
,
$order
=
'100'
){
shorewall::entry
{
"hosts-
${order}
-
${name}
"
:
...
...
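Review bot: The new default `$options = 'tcpflags'` silently drops `blacklist` and `norfc1918` for every `shorewall::host` declared without an explicit `options`, and the define carries no comment saying so. The generated hosts entry therefore changes on the next Puppet run without any change in the node's manifest, which is easy to miss when auditing the upgrade. A short header comment would record it, e.g. `# 'blacklist' and 'norfc1918' are no longer default host options; blacklisting is expected to be configured through shorewall::blrules.` That blrules is the intended replacement is inferred from manifests/blrules.pp in this commit, and the define's body continues outside the visible section.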
manifests/init.pp
...
...
@@ -27,10 +27,6 @@ class shorewall(
$proxyarp_defaults
=
{},
$nat
=
{},
$nat_defaults
=
{},
$blacklist
=
{},
$blacklist_defaults
=
{},
$rfc1918
=
{},
$rfc1918_defaults
=
{},
$routestopped
=
{},
$routestopped_defaults
=
{},
$params
=
{},
...
...
@@ -76,10 +72,6 @@ class shorewall(
'proxyarp'
,
# See http://www.shorewall.net/3.0/Documentation.htm#NAT
'nat'
,
# See http://www.shorewall.net/3.0/Documentation.htm#Blacklist
'blacklist'
,
# See http://www.shorewall.net/3.0/Documentation.htm#rfc1918
'rfc1918'
,
# See http://www.shorewall.net/3.0/Documentation.htm#Routestopped
'routestopped'
,
# See http://www.shorewall.net/3.0/Documentation.htm#Variables
...
...
@@ -110,8 +102,6 @@ class shorewall(
create_resources
(
'shorewall::masq'
,
$masq
,
$masq_defaults
)
create_resources
(
'shorewall::proxyarp'
,
$proxyarp
,
$proxyarp_defaults
)
create_resources
(
'shorewall::nat'
,
$nat
,
$nat_defaults
)
create_resources
(
'shorewall::blacklist'
,
$blacklist
,
$blacklist_defaults
)
create_resources
(
'shorewall::rfc1918'
,
$rfc1918
,
$rfc1918_defaults
)
create_resources
(
'shorewall::routestopped'
,
$routestopped
,
$routestopped_defaults
)
create_resources
(
'shorewall::params'
,
$params
,
$params_defaults
)
...
...
manifests/interface.pp
define
shorewall::interface
(
$zone
,
$broadcast
=
'detect'
,
$options
=
'tcpflags,
blacklist,
routefilter,nosmurfs,logmartians'
,
$options
=
'tcpflags,routefilter,nosmurfs,logmartians'
,
$add_options
=
''
,
$rfc1918
=
false
,
$dhcp
=
false
,
$order
=
100
){
...
...
@@ -17,13 +16,8 @@ define shorewall::interface(
default
=>
',dhcp'
,
}
$rfc1918_opt
=
$rfc1918
?
{
false
=>
',norfc1918'
,
default
=>
''
,
}
shorewall::entry
{
"interfaces-
${order}
-
${name}
"
:
line
=>
"
${zone}
${name}
${broadcast}
${options}${dhcp_opt}${
rfc1918_opt}${
added_opts}
"
,
line
=>
"
${zone}
${name}
${broadcast}
${options}${dhcp_opt}${added_opts}
"
,
}
}
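Review bot: The rewritten `line` still interpolates `${options}` and `${added_opts}` verbatim, so a node that overrides `options` with the old string (the README and blrules.pp examples used to show `tcpflags,blacklist,nosmurfs`) keeps writing `blacklist` into the interfaces entry even though this commit drops it from the default and removes the blacklist and rfc1918 defines. Whether the targeted Shorewall release rejects or silently ignores those options is not visible on this page, so failing at catalog compilation is the safer behaviour: `if "${options},${add_options}" =~ /(^|,)(blacklist|norfc1918)(,|$)/ { fail("shorewall::interface ${name}: 'blacklist'/'norfc1918' are no longer supported") }`. The same pass-through presumably applies to `$options` in manifests/host.pp, whose entry body is outside the visible section.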
manifests/rfc1918.pp
deleted
100644 → 0
define
shorewall::rfc1918
(
$action
=
'logdrop'
,
$order
=
'100'
){
shorewall::entry
{
"rfc1918-
${order}
-
${name}
"
:
line
=>
"
${name}
${action}
"
}
}