From: Jonathan Boyett
Date: Wed, 11 May 2011 18:07:29 +0000 (-0700)
Subject: add additional test rules to examples
X-Git-Tag: v0.0.1~64
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=8aa60cd07d7a818aad0e0b9d9049f1b330db4ef1;p=puppet-modules%2Fpuppetlabs-firewall.git

add additional test rules to examples
---

diff --git a/examples/iptables/test.pp b/examples/iptables/test.pp
index 4f1e390..5d69c2d 100644
--- a/examples/iptables/test.pp
+++ b/examples/iptables/test.pp
@@ -26,13 +26,75 @@ firewall { '002 foo':
 jump => "DROP",
 }
 
-firewall { "010 icmp":
+firewall { '010 icmp':
 proto => "icmp",
 icmp => "echo-reply",
 jump => "ACCEPT",
 }
 
+firewall { '010 INPUT allow loopback':
+ iniface => 'lo',
+ chain => 'INPUT',
+ jump => 'ACCEPT'
+}
+
+firewall { '005 INPUT disregard DHCP':
+ dport => ['bootpc', 'bootps'],
+ jump => 'DROP',
+ proto => 'udp'
+}
+
+firewall { '006 INPUT disregard netbios':
+ proto => 'udp'
+ dport => ['netbios-ns', 'netbios-dgm', 'netbios-ssn']
+ jump => 'DROP'
+}
+
+firewall { '006 Disregard CIFS':
+ dport => 'microsoft-ds',
+ jump => 'DROP',
+ proto => 'tcp'
+}
+
+firewall { '050 INPUT drop invalid':
+ state => 'INVALID',
+ jump => 'DROP'
+}
+
+firewall { '051 INPUT allow related and established':
+ state => ['RELATED', 'ESTABLISHED'],
+ jump => 'ACCEPT'
+}
+
+firewall { '053 INPUT allow ICMP':
+ icmp => '8',
+ proto => 'icmp',
+ jump => 'ACCEPT'
+}
+
+firewall { '055 INPUT allow DNS':
+ proto => 'udp',
+ jump => 'ACCEPT',
+ sport => 'domain'
+}
+
+firewall { '999 FORWARD drop':
+ chain => 'OUTPUT',
+ jump => 'DROP'
+}
+
+firewall { '001 OUTPUT allow loopback':
+ chain => 'OUTPUT',
+ outiface => 'lo',
+ jump => 'ACCEPT'
+}
+
+firewall { '100 OUTPUT drop invalid':
+ chain => 'OUTPUT',
+ state => 'INVALID',
+ jump => 'DROP'
+}
+
 resources { 'firewall':
 purge => true
 }
-
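Review bot: The rule titled `'999 FORWARD drop'` sets `chain => 'OUTPUT'`, so, going by its title, the FORWARD chain gets no drop rule while OUTPUT gets a catch-all DROP; if FORWARD is what was meant, the line should read `chain => 'FORWARD',`. The `'006 INPUT disregard netbios'` resource has no commas after `proto => 'udp'` and after the `dport` array, which the Puppet parser should reject, so the example likely cannot be applied as written. `'055 INPUT allow DNS'` matches on `sport => 'domain'` alone, so it is not limited to replies to this host's own queries. Those replies already appear to be covered by `'051 INPUT allow related and established'`, so the rule could be removed or narrowed with a `source` restriction to the configured resolvers.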