],
}
+ firewall { '001 ssh needed for beaker testing':
+ proto => 'tcp',
+ dport => '22',
+ action => 'accept',
+ before => Firewallchain['INPUT:filter:IPv4'],
+ }
+
firewall { '010 INPUT allow established and related':
proto => 'all',
state => ['ESTABLISHED', 'RELATED'],
action => 'accept',
before => Firewallchain['INPUT:filter:IPv4'],
}
+
firewall { "011 reject local traffic not on loopback interface":
iniface => '! lo',
proto => 'all',
action => 'accept',
before => Firewallchain['INPUT:filter:IPv4'],
}
+
firewall { '025 smtp':
outiface => '! eth0:2',
chain => 'OUTPUT',
/-A INPUT -s 10.0.0.0\/(8|255\.0\.0\.0) -p icmp -m comment --comment \"013 icmp echo-request\" -m icmp --icmp-type 8 -j ACCEPT/,
/-A INPUT -p icmp -m comment --comment \"013 icmp time-exceeded\" -m icmp --icmp-type 11 -j ACCEPT/,
/-A INPUT -p tcp -m multiport --dports 22 -m comment --comment \"020 ssh\" -m state --state NEW -j ACCEPT/,
+ /-A INPUT -p tcp -m multiport --dports 22 -m comment --comment \"001 ssh needed for beaker testing\" -j ACCEPT/,
/-A OUTPUT (! -o|-o !) eth0:2 -p tcp -m multiport --dports 25 -m comment --comment \"025 smtp\" -m state --state NEW -j ACCEPT/,
/-A INPUT -i eth0:3 -p tcp -m multiport --dports 443 -m comment --comment \"443 ssl on aliased interface\" -m state --state NEW -j ACCEPT/,
/-A INPUT -m comment --comment \"900 LOCAL_INPUT\" -j LOCAL_INPUT/,
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff