--- /dev/null
+ firewall { '000 allow packets with valid state':
+ state => ['RELATED,ESTABLISHED'],
+ jump => 'ACCEPT',
+ }
+ firewall { '001 allow icmp':
+ proto => 'icmp',
+ jump => 'ACCEPT',
+ }
+ firewall { '002 allow all to lo interface':
+ iniface => 'lo',
+ jump => 'ACCEPT',
+ }
+ firewall { '100 allow http':
+ proto => 'tcp',
+ dport => '80',
+ jump => 'ACCEPT',
+ }
+ firewall { '100 allow ssh':
+ proto => 'tcp',
+ dport => '22',
+ jump => 'ACCEPT',
+ }
+ firewall { '100 allow mysql from internal':
+ proto => 'tcp',
+ dport => '3036',
+ source => '10.5.5.0/24',
+ jump => 'ACCEPT',
+ }
+ firewall { '999 drop everything else':
+ jump => 'DROP',
+ }
+
+ resources { 'firewall':
+ purge => true,
+ }
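Review bot: The rule '100 allow mysql from internal' opens `dport => '3036'`, which looks like a transposition of MySQL's default port 3306. If the server listens on the default port, clients in 10.5.5.0/24 would fall through to '999 drop everything else', so I would change it to `dport => '3306',` or add a comment saying 3036 is intentional. Separately, `state => ['RELATED,ESTABLISHED']` in rule 000 is a one-element array holding a comma-joined string. The conventional form is `state => ['RELATED', 'ESTABLISHED'],`, which is worth confirming against the values the firewall type accepts. '100 allow ssh' has no `source`, so port 22 is reachable from any address. If administration only comes from a known range, scope it the same way the mysql rule is scoped.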
--- /dev/null
+firewall { '000 allow foo':
+ dport => [7061, 7062],
+ jump => "ACCEPT",
+ proto => "tcp",
+}
+firewall { '001 allow boo':
+ jump => "ACCEPT",
+ iniface => "eth0",
+ sport => "123",
+ dport => "123",
+ proto => "tcp",
+ destination => "1.1.1.0/24",
+ source => "2.2.2.0/24",
+}
+firewall { '999 bar':
+ dport => "1233",
+ proto => "tcp",
+ jump => "DROP",
+}
+firewall { '002 foo':
+ dport => "1233",
+ proto => "tcp",
+ jump => "DROP",
+}
+firewall { "010 icmp":
+ proto => "icmp",
+# icmp => "any",
+ jump => "ACCEPT",
+}
+#firewall { "050 horrowshow":
+#
+#}
+
+
+resources { 'firewall':
+ purge => true
+}
+
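Review bot: Rules '002 foo' and '999 bar' match the same traffic (`proto => "tcp"`, `dport => "1233"`) with the same `jump => "DROP"`. Assuming both land in the same chain, '999 bar' can never match after '002 foo', so remove one or give it a distinct match. The manifest also sets `purge => true` without a catch-all rule, which leaves unlisted traffic to the chain's default policy, and that policy is not visible here. If default-deny is intended, end the rule set with an explicit `firewall { '999 drop everything else': jump => 'DROP' }`. In "010 icmp" the `icmp` type line is commented out, so every ICMP type is accepted; a short comment saying whether that is deliberate would help the next reader.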