
Ian Samuel shorewall puppet manifest

Created by Ian Samuel
# git clone https://github.com/duritong/puppet-shorewall.git /etc/puppet/modules/shorewall/
#
# Single-interface host firewall built on the duritong shorewall module:
# eth0 is placed in the 'net' zone, traffic arriving from 'net' is dropped
# (and logged), and only ping plus SSH from the 10.1.10.0/24 management
# range are admitted to the firewall host itself.

class { 'shorewall':
  startup => 1,
}

# Keep the management range reachable on eth0 while the firewall is stopped.
shorewall::routestopped { 'eth0':
  host => '10.1.10.0/24',
}

# Only the 'net' zone is declared here; 'fw' (Shorewall's built-in firewall
# zone) needs no declaration. Kept as a top-scope variable as in the original.
$shorewall_ipv4_zones = ['net']

shorewall::zone { $shorewall_ipv4_zones:
  type => 'ipv4',
}

# Policies, presumably emitted in 'order' sequence by the module: outbound
# from the firewall is open, anything from 'net' is dropped with logging,
# and the catch-all REJECT comes last.
shorewall::policy {
  'fw-to-net':
    sourcezone      => 'fw',
    destinationzone => 'net',
    policy          => 'ACCEPT',
    order           => 100;
  'net-to-all':
    sourcezone      => 'net',
    destinationzone => 'all',
    policy          => 'DROP',
    shloglevel      => 'info',
    order           => 110;
  'all-to-all':
    sourcezone      => 'all',
    destinationzone => 'all',
    policy          => 'REJECT',
    shloglevel      => 'info',
    order           => 999;
}

# NOTE(review): rfc1918 => true on the 'net' interface together with an SSH
# rule sourced from the RFC1918 range net:10.1.10.0/24 look contradictory.
# If the module turns this flag into an interface option that discards
# private source addresses, the SSH rule below can never match; confirm
# against the module version and Shorewall release actually deployed.
shorewall::interface { 'eth0':
  zone    => 'net',
  rfc1918 => true,
}

shorewall::rule_section { 'NEW':
  order => 100,
}

# Rules are ordered after the NEW section (order > 100). Ping is accepted
# from every zone, including 'net'; SSH only from the management range.
shorewall::rule {
  'ping':
    action      => 'Ping(ACCEPT)',
    source      => 'all',
    destination => 'all',
    order       => 110;
  'ssh':
    action          => 'ACCEPT',
    source          => 'net:10.1.10.0/24',
    destination     => 'fw',
    proto           => 'tcp',
    destinationport => 'ssh',
    order           => 120;
}


