use firewall 8 for all firewall resources
- s/action/jump/
- s/provider/protocol/
rrotter committed Nov 6, 2024
1 parent 4995513 commit 2facdc0
Showing 15 changed files with 25 additions and 25 deletions.
2 changes: 1 addition & 1 deletion manifests/exposed_port.pp
Expand Up @@ -66,7 +66,7 @@
dport => $port,
source => $cidr['block'],
state => 'NEW',
action => 'accept',
jump => 'accept',
}
}
}
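Review bot: The `jump => 'accept'` parameter introduced on the changed line is only known to puppetlabs-firewall 7 and later, and nothing in this commit shows the module dependency being raised; if the Puppetfile or metadata.json pin is still on an older release, every manifest touched here fails catalog compilation with an unknown-parameter error for `jump`. If the pin is bumped in a separate commit, naming it in the description (after `- s/provider/protocol/`) would let a reviewer verify the order in which the two land; otherwise the bump belongs in this commit. The same observation applies to the identical rename in firewall_allow.pp, fulcrum/nginx.pp, hathitrust/rsync.pp, hathitrust/secure_rsync.pp, kubernetes/dns_server.pp, kubernetes/haproxy.pp, kubernetes/kubelet.pp, kubernetes/router.pp, letsencrypt.pp, networking/firewall.pp and its two subfiles, prometheus.pp and role/webhost/htvm/test.pp. In each case the enclosing firewall resource declaration starts outside the hunk.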
2 changes: 1 addition & 1 deletion manifests/firewall_allow.pp
Expand Up @@ -76,7 +76,7 @@
dport => $port,
source => $cidr,
state => 'NEW',
action => 'accept',
jump => 'accept',
}
}
}
2 changes: 1 addition & 1 deletion manifests/profile/fulcrum/nginx.pp
Expand Up @@ -197,6 +197,6 @@
proto => 'tcp',
dport => 443,
state => 'NEW',
action => 'accept',
jump => 'accept',
}
}
2 changes: 1 addition & 1 deletion manifests/profile/hathitrust/rsync.pp
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@
dport => 873,
source => $user['ip'],
state => 'NEW',
action => 'accept'
jump => 'accept'
}
}
}
2 changes: 1 addition & 1 deletion manifests/profile/hathitrust/secure_rsync.pp
Expand Up @@ -69,7 +69,7 @@
source => $network['block'],
src_range => $network['range'],
state => 'NEW',
action => 'accept',
jump => 'accept',
}
}
}
2 changes: 1 addition & 1 deletion manifests/profile/kubernetes/dns_server.pp
Expand Up @@ -76,7 +76,7 @@
dport => 53,
source => $node_cidr,
state => 'NEW',
action => 'accept',
jump => 'accept',
;

'200 Nameserver (TCP)':
2 changes: 1 addition & 1 deletion manifests/profile/kubernetes/haproxy.pp
Expand Up @@ -52,7 +52,7 @@
default:
proto => 'tcp',
state => 'NEW',
action => 'accept',
jump => 'accept',
;

'200 private api':
2 changes: 1 addition & 1 deletion manifests/profile/kubernetes/kubelet.pp
Expand Up @@ -53,7 +53,7 @@
proto => 'tcp',
source => $node_cidr,
state => 'NEW',
action => 'accept',
jump => 'accept',
;

'200 Cluster ssh':
2 changes: 1 addition & 1 deletion manifests/profile/kubernetes/router.pp
Expand Up @@ -20,7 +20,7 @@
firewall { '001 Do not NAT internal requests':
table => 'nat',
chain => 'POSTROUTING',
action => 'accept',
jump => 'accept',
proto => 'all',
source => $node_cidr,
destination => $node_cidr,
2 changes: 1 addition & 1 deletion manifests/profile/letsencrypt.pp
Expand Up @@ -22,6 +22,6 @@
proto => 'tcp',
dport => 80,
state => 'NEW',
action => 'accept',
jump => 'accept',
}
}
20 changes: 10 additions & 10 deletions manifests/profile/networking/firewall.pp
Expand Up @@ -144,7 +144,7 @@
$firewall_defaults = {
proto => 'tcp',
state => 'NEW',
action => 'accept'
jump => 'accept'
}

create_resources(firewall,$rules,$firewall_defaults)
Expand All @@ -154,41 +154,41 @@
firewall { '001 accept related established rules':
proto => 'all',
state => ['RELATED', 'ESTABLISHED'],
action => 'accept',
jump => 'accept',
}

firewall { '001 accept all to lo interface':
proto => 'all',
iniface => 'lo',
action => 'accept',
jump => 'accept',
}

firewall { '999 drop all':
proto => 'all',
action => 'drop',
jump => 'drop',
before => undef,
}

# Default IPv6 items, sorted by title
firewall { '001 accept related established rules (v6)':
proto => 'all',
state => ['RELATED', 'ESTABLISHED'],
action => 'accept',
provider => 'ip6tables',
jump => 'accept',
protocol => 'ip6tables',
}

firewall { '001 accept all to lo interface (v6)':
proto => 'all',
iniface => 'lo',
action => 'accept',
provider => 'ip6tables',
jump => 'accept',
protocol => 'ip6tables',
}

firewall { '999 drop all (v6)':
proto => 'all',
action => 'drop',
jump => 'drop',
before => undef,
provider => 'ip6tables',
protocol => 'ip6tables',
}

}
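Review bot: `$firewall_defaults`, whose last entry becomes `jump => 'accept'` in the first hunk, is only a fallback for `create_resources(firewall,$rules,$firewall_defaults)`, so any entry in `$rules` — which is defined outside this file, presumably in Hiera data — that still sets `action` will be passed through as an unknown parameter under firewall 8 and break the catalog, and this commit shows no migration of that data. A grep of the data layer for the `action` key before merging, plus a comment above the hash such as `# puppetlabs-firewall >= 7: targets are set via jump, not action; $rules entries must use the same key`, would make the dependency explicit. In the second hunk it is also worth confirming that `protocol => 'ip6tables'` is the exact spelling the pinned module version accepts, since these three resources are what extends the accept-established, loopback and `'999 drop all (v6)'` default-deny policy to IPv6; a rejected value there fails the whole catalog rather than just the v6 rules. The enclosing class body starts before and ends after the hunks.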
2 changes: 1 addition & 1 deletion manifests/profile/networking/firewall/http_datacenters.pp
Expand Up @@ -16,7 +16,7 @@
proto => 'tcp',
dport => [80, 443],
state => 'NEW',
action => 'accept'
jump => 'accept'
}

$networks.flatten.each |$network| {
2 changes: 1 addition & 1 deletion manifests/profile/networking/firewall/private_ssh.pp
Expand Up @@ -9,7 +9,7 @@
$cidrs.each |$cidr| {
firewall { "100 Private SSH: ${cidr}":
state => 'NEW',
action => 'accept',
jump => 'accept',
dport => $port,
source => $cidr,
proto => 'tcp'
4 changes: 2 additions & 2 deletions manifests/profile/prometheus.pp
Expand Up @@ -176,7 +176,7 @@
proto => 'tcp',
dport => [443],
state => 'NEW',
action => 'accept',
jump => 'accept',
}
}

Expand All @@ -190,7 +190,7 @@
dport => 9100,
source => $::ipaddress,
state => 'NEW',
action => 'accept',
jump => 'accept',
}

case $facts["mlibrary_ip_addresses"] {
2 changes: 1 addition & 1 deletion manifests/role/webhost/htvm/test.pp
Expand Up @@ -13,7 +13,7 @@
dport => [80,443],
source => $network['block'],
state => 'NEW',
action => 'accept',
jump => 'accept',
}
}

