control-repo/site-modules/profile/manifests/firewall/finish.pp

42 lines
973 B
ObjectPascal
Raw Normal View History

2019-10-21 04:14:31 +00:00
# == Class: profile::firewall::finish
#
# Post actions for firewall management.
#
class profile::firewall::finish {
2019-10-22 07:47:52 +00:00
['INPUT','OUTPUT'].each | $chain | {
2019-10-25 05:39:33 +00:00
#Drop the known noise from hitting the log
['255.255.255.255',ip_address(ip_broadcast("${::network}/${::netmask}"))].each | $dest | {
firewall { "990 Broadcasts for $dest for ${chain}":
destination => $dest,
proto => 'all',
action => 'drop',
chain => $chain,
}
}
2019-10-21 04:14:31 +00:00
# Log whatever hasn't been dealt with already
firewall { "998 Logging for ${chain}":
jump => 'LOG',
proto => 'all',
chain => $chain,
}
# Drop everything else
firewall { "999 drop all for ${chain}":
proto => 'all',
action => 'drop',
chain => $chain,
}
firewall { "999 drop all for ${chain} for IPv6":
proto => 'all',
action => 'drop',
chain => $chain,
provider => 'ip6tables',
}
}
}