File tree Expand file tree Collapse file tree 1 file changed +34
-0
lines changed
modules/iptables/manifests Expand file tree Collapse file tree 1 file changed +34
-0
lines changed Original file line number Diff line number Diff line change 4646
4747) {
4848
49+ $chains_header = $chains .map |$chain ,$policy | { sprintf(" :%s %s [0:0]" $chain , $policy ) }
50+
4951 $enforce_command = ' /usr/local/sbin/enforce-iptables'
5052 file { 'enforce-command' :
5153 path => $enforce_command ,
7476 notify => Exec[' enforce-puppet-iptables'
7577 }
7678
79+ concat::fragment { ' 00-ipv4-header'
80+ target => $ipv4file ,
81+ order => 0,
82+ content => ([
83+ ' *filter'
84+ ] + $chains_header ).join(' \n '
85+ }
86+
87+ concat::fragment { ' 99-ipv4-trailer'
88+ target => $ipv4file ,
89+ order => 9999,
90+ content => [
91+ ' COMMIT'
92+ ].join(' \n '
93+ }
94+
7795 exec { 'enforce-puppet-iptables' :
7896 command => " /usr/bin/echo ${enforce_command} ipv4 '${ipv4file} '"
7997 refreshonly => true ,
108126 notify => Exec[' enforce-puppet-ip6tables'
109127 }
110128
129+ concat::fragment { ' 00-ipv6-header'
130+ target => $ipv6file ,
131+ order => 0,
132+ content => ([
133+ ' *filter'
134+ ] + $chains_header ).join(' \n '
135+ }
136+
137+ concat::fragment { ' 99-ipv6-trailer'
138+ target => $ipv6file ,
139+ order => 9999,
140+ content => [
141+ ' COMMIT'
142+ ].join(' \n '
143+ }
144+
111145 exec { 'enforce-puppet-ip6tables' :
112146 command => " /usr/bin/echo ${enforce_command} ipv6 '${ipv6file} '"
113147 refreshonly => true ,
You can’t perform that action at this time.
0 commit comments