Update the 'recent' module example with a more complete one linked to from the iptabl...

author Mike Bryant <mike@mikebryant.me.uk>

Tue, 4 Feb 2014 23:38:05 +0000 (23:38 +0000)

committer Hunter Haugen <hunter@puppetlabs.com>

Wed, 5 Feb 2014 17:18:40 +0000 (09:18 -0800)
author Mike Bryant <mike@mikebryant.me.uk>
Tue, 4 Feb 2014 23:38:05 +0000 (23:38 +0000)
committer Hunter Haugen <hunter@puppetlabs.com>
Wed, 5 Feb 2014 17:18:40 +0000 (09:18 -0800)
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb

index 60934419711231e5b75ae73bf1153053c7829ef3..18f1a713aa12dbd319ee411cb6929f31f99cb015 100644 (file)
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -700,10 +700,27 @@ Puppet::Type.newtype(:firewall) do
        Enable the recent module. Takes as an argument one of set, update,
        rcheck or remove. For example:
  
-          recent    => 'update',
-          rseconds  => 60,
-          rhitcount => 4,
-          rsource   => true,
+        # If anyone's appeared on the 'badguy' blacklist within
+        # the last 60 seconds, drop their traffic, and update the timestamp.
+        firewall { '100 Drop badguy traffic':
+          recent   => 'update',
+          rseconds => 60,
+          rsource  => true,
+          rname    => 'badguy',
+          action   => 'DROP',
+          chain    => 'FORWARD',
+        }
+        # No-one should be sending us traffic on eth0 from localhost
+        # Blacklist them
+        firewall { '101 blacklist strange traffic':
+          recent      => 'set',
+          rsource     => true,
+          rname       => 'badguy',
+          destination => '127.0.0.0/8',
+          iniface     => 'eth0',
+          action      => 'DROP',
+          chain       => 'FORWARD',
+        }
      EOS
  
      newvalues(:set, :update, :rcheck, :remove)
author	Mike Bryant <mike@mikebryant.me.uk>
	Tue, 4 Feb 2014 23:38:05 +0000 (23:38 +0000)
committer	Hunter Haugen <hunter@puppetlabs.com>
	Wed, 5 Feb 2014 17:18:40 +0000 (09:18 -0800)