From: Jonathan Boyett Date: Mon, 9 May 2011 23:24:29 +0000 (-0700) Subject: add examples X-Git-Tag: v0.0.1~71 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=fa1b0b395a83f69abf7fa0319dd34f00eb2db5c4;p=puppet-modules%2Fpuppetlabs-firewall.git add examples
---
diff --git a/examples/iptables/readme.pp b/examples/iptables/readme.pp
new file mode 100644
index 0000000..dab9010
--- /dev/null
+++ b/examples/iptables/readme.pp
@@ -0,0 +1,35 @@
+ firewall { '000 allow packets with valid state':
+ state => ['RELATED,ESTABLISHED'],
+ jump => 'ACCEPT',
+ }
+ firewall { '001 allow icmp':
+ proto => 'icmp',
+ jump => 'ACCEPT',
+ }
+ firewall { '002 allow all to lo interface':
+ iniface => 'lo',
+ jump => 'ACCEPT',
+ }
+ firewall { '100 allow http':
+ proto => 'tcp',
+ dport => '80',
+ jump => 'ACCEPT',
+ }
+ firewall { '100 allow ssh':
+ proto => 'tcp',
+ dport => '22',
+ jump => 'ACCEPT',
+ }
+ firewall { '100 allow mysql from internal':
+ proto => 'tcp',
+ dport => '3036',
+ source => '10.5.5.0/24',
+ jump => 'ACCEPT',
+ }
+ firewall { '999 drop everything else':
+ jump => 'DROP',
+ }
+
+ resources { 'firewall':
+ purge => true,
+ }
diff --git a/examples/iptables/run.sh b/examples/iptables/run.sh
new file mode 100755
index 0000000..26d6b69
--- /dev/null
+++ b/examples/iptables/run.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+puppet apply --debug --libdir ../lib readme.pp
diff --git a/examples/iptables/test.pp b/examples/iptables/test.pp
new file mode 100644
index 0000000..6a8e086
--- /dev/null
+++ b/examples/iptables/test.pp
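Review bot: The rule '100 allow mysql from internal' in readme.pp sets `dport => '3036'`, but MySQL's default port is 3306, so as written the example opens an unrelated port to 10.5.5.0/24 while '999 drop everything else' still blocks the database; the line should read `dport => '3306',`. Separately, `state => ['RELATED,ESTABLISHED']` in rule 000 is a one-element array holding a comma-joined string; if the type expects one state per element, `['RELATED', 'ESTABLISHED']` would be the safer spelling. A short comment above '100 allow ssh' noting that it accepts from any source, unlike the mysql rule, would make the exposure explicit to readers copying the example.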
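Review bot: Both paths on the `puppet apply` line in run.sh (`../lib` and `readme.pp`) resolve against the caller's working directory, so the script only behaves as intended when started from examples/iptables; adding `cd "$(dirname "$0")" || exit 1` before it removes that dependency. From that directory `../lib` would be examples/lib rather than a lib directory at the repository root, which is worth checking against the tree since it is not visible in this diff. Because readme.pp purges unmanaged firewall resources and ends in a catch-all DROP, a comment saying the script changes the live ruleset, or a first pass with `--noop`, would protect anyone running it over a remote session.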
@@ -0,0 +1,38 @@
+firewall { '000 allow foo':
+ dport => [7061, 7062],
+ jump => "ACCEPT",
+ proto => "tcp",
+}
+firewall { '001 allow boo':
+ jump => "ACCEPT",
+ iniface => "eth0",
+ sport => "123",
+ dport => "123",
+ proto => "tcp",
+ destination => "1.1.1.0/24",
+ source => "2.2.2.0/24",
+}
+firewall { '999 bar':
+ dport => "1233",
+ proto => "tcp",
+ jump => "DROP",
+}
+firewall { '002 foo':
+ dport => "1233",
+ proto => "tcp",
+ jump => "DROP",
+}
+firewall { "010 icmp":
+ proto => "icmp",
+# icmp => "any",
+ jump => "ACCEPT",
+}
+#firewall { "050 horrowshow":
+#
+#}
+
+
+resources { 'firewall':
+ purge => true
+}
+
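Review bot: The closing `resources { 'firewall': purge => true }` in test.pp makes this manifest remove every firewall resource on the applying host that is not declared above it, and nothing in the file says so or states what the rules are meant to exercise. A header comment such as `# Scratch manifest for exercising the firewall type; purges all unmanaged rules, apply only on a disposable host` would cover both. '999 bar' and '002 foo' declare the same tcp/1233 DROP rule under two names; if that is there to test ordering by title prefix, a one-line comment should say so, otherwise one of them can go. The sample networks `1.1.1.0/24` and `2.2.2.0/24` are publicly routable; the RFC 5737 documentation ranges `192.0.2.0/24` and `198.51.100.0/24` avoid matching real traffic if the file is applied as-is.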