diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2015-07-10 18:48:13 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2015-07-10 18:48:13 +0000 |
| commit | 8011d70a80501e4f5cccf0be7d870fba677a3c7c (patch) | |
| tree | 454dd8eebb763b5751d444fda8ee7c7dccedfb4e /manifests/firewall/rule.pp | |
| parent | 77662b64a928db04820041fb0fcf764387600f0a (diff) | |
| parent | d091e46dc061d81c3a9e2f561efa15a4ee94a187 (diff) | |
Merge "Implement Advanced Firewalling support"
Diffstat (limited to 'manifests/firewall/rule.pp')
| -rw-r--r-- | manifests/firewall/rule.pp | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp new file mode 100644 index 0000000..02afbc2 --- /dev/null +++ b/manifests/firewall/rule.pp @@ -0,0 +1,80 @@ +# +# Copyright (C) 2015 eNovance SAS <licensing@enovance.com> +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Define: tripleo::firewall::rule +# +# Define used to manage IPtables rules. +# +# === Parameters: +# +# [*port*] +# (optional) The port associated to the rule. +# Defaults to undef +# +# [*proto*] +# (optional) The protocol associated to the rule. +# Defaults to 'tcp' +# +# [*action*] +# (optional) The action policy associated to the rule. +# Defaults to 'accept' +# +# [*state*] +# (optional) Array of states associated to the rule.. +# Defaults to ['NEW'] +# +# [*source*] +# (optional) The source IP address associated to the rule. +# Defaults to '0.0.0.0/0' +# +# [*iniface*] +# (optional) The network interface associated to the rule. +# Defaults to undef +# +# [*chain*] +# (optional) The chain associated to the rule. +# Defaults to 'INPUT' +# +# [*extras*] +# (optional) Hash of any puppetlabs-firewall supported parameters. +# Defaults to {} +# +define tripleo::firewall::rule ( + $port = undef, + $proto = 'tcp', + $action = 'accept', + $state = ['NEW'], + $source = '0.0.0.0/0', + $iniface = undef, + $chain = 'INPUT', + $extras = {}, +) { + + $basic = { + 'port' => $port, + 'proto' => $proto, + 'action' => $action, + 'state' => $state, + 'source' => $source, + 'iniface' => $iniface, + 'chain' => $chain, + } + + $rule = merge($basic, $extras) + validate_hash($rule) + + create_resources('firewall', { "${title}" => $rule }) + +} |