Fix firewall rules

Andrew Tomaka 2014-04-01 14:48:41 -04:00
parent 954067c955
commit 203ed07442


@ -81,11 +81,23 @@ exec { 'start rails app':
resources { 'firewall':
purge => true,
}
class { '::firewall': }
class { '::firewall':
require => Class['::ssh::server'],
}
firewall { '000 accept all icmp':
proto => 'icmp',
action => 'accept',
} ->
firewall { '001 accept all to lo interface':
proto => 'all',
iniface => 'lo',
action => 'accept',
}->
firewall { '002 accept related established rules':
proto => 'all',
state => ['RELATED', 'ESTABLISHED'],
action => 'accept',
}->
firewall { '100 accept ssh (non-default port)':
proto => 'tcp',
dport => '22984',
@ -95,7 +107,8 @@ firewall { '200 accept http':
proto => 'tcp',
dport => '80',
action => 'accept',
} ->
}
firewall { '999 drop all':
proto => 'all',
action => 'drop',