File: init.pp

package info (click to toggle)
puppet-module-puppetlabs-firewall 8.1.7-1
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 512 kB
  • sloc: ruby: 2,674; sh: 39; makefile: 2
file content (83 lines) | stat: -rw-r--r-- 2,847 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
# @summary 
# Performs the basic setup tasks required for using the firewall resources.
#
# At the moment this takes care of:
#
# iptables-persistent package installation
# Include the firewall class for nodes that need to use the resources in this module:
#
# @example
#   class { 'firewall': }
#
# @param ensure
#   Controls the state of the ipv4 iptables service on your system. Valid options: 'running' or 'stopped'.
#
# @param ensure_v6
#   Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'.
#
# @param pkg_ensure
#   Controls the state of the iptables package on your system. Valid options: 'present', 'installed' or 'latest'.
#
# @param service_name
#   Specify the name of the IPv4 iptables service.
#
# @param service_name_v6
#   Specify the name of the IPv6 iptables service.
#
# @param package_name
#   Specify the platform-specific package(s) to install.
#
# @param ebtables_manage
#   Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.
#
class firewall (
  Enum[running, stopped, 'running', 'stopped']                       $ensure          = running,
  Optional[Enum[running, stopped, 'running', 'stopped']]             $ensure_v6       = undef,
  Enum[present, installed, latest, 'present', 'installed', 'latest'] $pkg_ensure      = present,
  Variant[String[1], Array[String[1]]]                               $service_name    = $firewall::params::service_name,
  Optional[String[1]]                                                $service_name_v6 = $firewall::params::service_name_v6,
  Optional[Variant[String[1], Array[String[1]]]]                     $package_name    = $firewall::params::package_name,
  Boolean                                                            $ebtables_manage = false,
) inherits firewall::params {
  $_ensure_v6 = pick($ensure_v6, $ensure)

  case $ensure {
    /^(running|stopped)$/: {
      # Do nothing.
    }
    default: {
      fail("${title}: Ensure value '${ensure}' is not supported")
    }
  }

  if $ensure_v6 {
    case $ensure_v6 {
      /^(running|stopped)$/: {
        # Do nothing.
      }
      default: {
        fail("${title}: ensure_v6 value '${ensure_v6}' is not supported")
      }
    }
  }

  case $facts['kernel'] {
    'Linux': {
      class { "${title}::linux":
        ensure          => $ensure,
        ensure_v6       => $_ensure_v6,
        pkg_ensure      => $pkg_ensure,
        service_name    => $service_name,
        service_name_v6 => $service_name_v6,
        package_name    => $package_name,
        ebtables_manage => $ebtables_manage,
      }
      contain "${title}::linux"
    }
    'FreeBSD', 'OpenBSD', 'windows': {
    }
    default: {
      fail("${title}: Kernel '${facts['kernel']}' is not currently supported")
    }
  }
}