Puppet Class: profile::wmcs::firewall
- Defined in:
- modules/profile/manifests/wmcs/firewall.pp
Summary
A profile that allows firewall rules to be created via hiera. Useful for cloud hosts.
Overview
SPDX-License-Identifier: Apache-2.0
# File 'modules/profile/manifests/wmcs/firewall.pp', line 5
# @param services
#   Hash of ferm::service resource title => attribute hash, read from the
#   profile::wmcs::firewall::services hiera key.
# @param blocked_ips
#   Source addresses whose traffic is dropped, read from the
#   profile::wmcs::firewall::blocked_ips hiera key.
class profile::wmcs::firewall (
  Hash                       $services    = lookup('profile::wmcs::firewall::services'),
  Array[Stdlib::IP::Address] $blocked_ips = lookup('profile::wmcs::firewall::blocked_ips'),
) {
  # We handle firewall rules explicitly in profiles or via requestctl in production
  requires_realm('labs')

  include profile::firewall

  # Every hiera entry becomes one ferm::service; its attribute hash is splatted
  # through unchanged, so whatever the hiera data says is what gets opened.
  # NOTE(review): $services is a bare Hash, so a malformed entry only fails
  # inside ferm::service. Consider a tighter type (e.g. Hash[String[1], Hash])
  # and review changes to this hiera key as firewall changes.
  each($services) |$svc_title, $svc_attrs| {
    ferm::service { $svc_title:
      * => $svc_attrs,
    }
  }

  # The addresses are interpolated straight into the ferm rule text; the
  # Stdlib::IP::Address element type on $blocked_ips is the only thing keeping
  # arbitrary ferm syntax out of this string, so do not loosen it.
  # An empty list emits no rule at all, avoiding an empty "saddr ()" clause.
  # NOTE(review): prio '01' presumably orders this drop ahead of the service
  # rules above - confirm against ferm::rule. The title says "reject" but the
  # rule itself uses DROP.
  if !$blocked_ips.empty() {
    ferm::rule { 'drop-reject-from-extras::reject':
      prio => '01',
      rule => "saddr (${join($blocked_ips, ' ')}) DROP;",
      desc => 'drop traffic from nets listed in profile::wmcs::firewall::blocked_ips hiera key',
    }
  }
}