From 203ed074422a00d7b760cba4c94534b076d73da7 Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Tue, 1 Apr 2014 14:48:41 -0400
Subject: [PATCH] Fix firewall rules

---
 manifests/final.pp | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/manifests/final.pp b/manifests/final.pp
index 1acfeaa..0b91be4 100644
--- a/manifests/final.pp
+++ b/manifests/final.pp
@@ -81,11 +81,23 @@ exec { 'start rails app':
 resources { 'firewall':
   purge => true,
 }
-class { '::firewall': }
+class { '::firewall':
+  require => Class['::ssh::server'],
+}
 firewall { '000 accept all icmp':
   proto => 'icmp',
   action => 'accept',
 } ->
+firewall { '001 accept all to lo interface':
+  proto => 'all',
+  iniface => 'lo',
+  action => 'accept',
+}->
+firewall { '002 accept related established rules':
+  proto => 'all',
+  state => ['RELATED', 'ESTABLISHED'],
+  action => 'accept',
+}->
 firewall { '100 accept ssh (non-default port)':
   proto => 'tcp',
   dport => '22984',
@@ -95,7 +107,8 @@ firewall { '200 accept http':
   proto => 'tcp',
   dport => '80',
   action => 'accept',
-} ->
+}
+
 firewall { '999 drop all':
   proto => 'all',
   action => 'drop',
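Review bot: Ordering of the rule set is now split between two mechanisms: the new `001` and `002` rules in the first hunk are chained with `->` onto `000`, while the second hunk removes the `} ->` between `200 accept http` and `999 drop all`, so that final edge relies solely on the firewall module's name-based ordering. Because `resources { 'firewall': purge => true }` flushes every unmanaged rule, a run in which the drop rule lands before `100 accept ssh (non-default port)` on `22984` would cut off SSH access to the host, so keep one ordering style throughout (either restore `} ->` before `999 drop all`, or drop the arrows everywhere and rely on the numeric prefixes) rather than mixing the two. The new `require => Class['::ssh::server']` on the `::firewall` class carries no comment; if the intent is that sshd is configured on the non-default port before the rules are purged and rebuilt, state it, e.g. `# sshd must be up on 22984 before rules are purged, otherwise a failed run locks us out`. The `}->` closing the two new rules also differs from the `} ->` spacing used on the existing `000` rule. The `100 accept ssh (non-default port)` resource continues past the end of the first hunk, and the `999 drop all` resource past the end of the second.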