Révision ae9872e2
Make masking Service['firewalld'] configurable
| manifests/init.pp | ||
|---|---|---|
| 42 | 42 |
# Adds INPUT and OUTPUT rules to allow traffic that's part of an |
| 43 | 43 |
# established connection and also to drop invalid packets. |
| 44 | 44 |
# |
| 45 |
# @param firewalld_enable |
|
| 46 |
# Configures how the firewalld systemd service unit is enabled. It might be |
|
| 47 |
# useful to set this to false if you're externaly removing firewalld from |
|
| 48 |
# the system completely. |
|
| 49 |
# |
|
| 45 | 50 |
class nftables ( |
| 46 | 51 |
Boolean $in_ssh = true, |
| 47 | 52 |
Boolean $out_ntp = true, |
| ... | ... | |
| 55 | 60 |
Variant[Boolean[false], Pattern[ |
| 56 | 61 |
/icmp(v6|x)? type .+|tcp reset/]] |
| 57 | 62 |
$reject_with = 'icmpx type port-unreachable', |
| 63 |
Variant[Boolean[false], Enum['mask']] |
|
| 64 |
$firewalld_enable = 'mask', |
|
| 58 | 65 |
) {
|
| 59 | 66 |
|
| 60 | 67 |
package{'nftables':
|
| ... | ... | |
| 85 | 92 |
|
| 86 | 93 |
service{'firewalld':
|
| 87 | 94 |
ensure => stopped, |
| 88 |
enable => mask,
|
|
| 95 |
enable => $firewalld_enable,
|
|
| 89 | 96 |
} |
| 90 | 97 |
|
| 91 | 98 |
include nftables::inet_filter |
Formats disponibles : Unified diff