Puppet Class: r_profile::fw::pre
- Defined in:
- manifests/fw/pre.pp
Overview
R_profile::Fw::Pre
‘pre’ rules for iptables
# File 'manifests/fw/pre.pp', line 4
# Baseline ('pre') iptables rules: accept ICMP, loopback traffic, packets that
# belong to established/related connections, and inbound SSH.
#
# Points a reviewer should keep in mind when reusing this class:
# - '000 accept all icmp' sets neither an ICMP type nor a source, so every
#   ICMP message is accepted from any address.
# - '003 allow SSH' sets no source, so TCP/22 is accepted from any address.
# - No drop/reject rule is declared here; unmatched traffic is only denied if
#   another class declares that rule - verify it exists in the catalog.
# - NOTE(review): no provider or protocol is set, so these rules presumably
#   cover IPv4 only - confirm how IPv6 is filtered.
# - NOTE(review): newer puppetlabs-firewall releases express the verdict with
#   `jump` rather than `action` - check against the module version in use.
class r_profile::fw::pre {

  # Currently disabled: manage the iptables package and make sure it is
  # installed before any firewall resource is applied.
  #
  # package { 'iptables':
  #   ensure => present,
  # }
  # Package['iptables'] -> Firewall<| |>

  # Clear the `require` default for firewall resources declared in this class.
  # Presumably a site-wide default makes every firewall rule require this
  # class, which these rules must not inherit - TODO confirm.
  Firewall {
    require => undef,
  }

  # Default rules, applied strictly in numeric order via the `->` chain.
  firewall { '000 accept all icmp':
    proto  => 'icmp',
    action => 'accept',
  }
  -> firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }
  -> firewall { '002 accept related established rules':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
  -> firewall { '003 allow SSH':
    proto  => 'tcp',
    dport  => 22,
    action => 'accept',
  }
}