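# == Class: profile::firewall::finish
#
# Post actions for firewall management.
#
# Declares the catch-all rules for the INPUT and OUTPUT chains: a LOG rule
# (998) followed by a DROP rule (999), each for IPv4 and for IPv6. The
# numeric title prefixes are expected to sort these after every
# lower-numbered rule (assumes the usual firewall-module convention of
# ordering rules by title -- confirm against the module in use).
#
# NOTE(review): only INPUT and OUTPUT are handled here. FORWARD is not
# touched by this class; confirm it is covered elsewhere if the host routes
# or bridges traffic.
#
class profile::firewall::finish {

  ['INPUT', 'OUTPUT'].each |$chain| {

    # Drop the known noise from hitting the log (currently disabled).
    # ['255.255.255.255',ip_address(ip_broadcast("${::network}/${::netmask}"))].each | $dest | {
    #   firewall { "990 Broadcasts for $dest for ${chain}":
    #     destination => $dest,
    #     proto       => 'all',
    #     action      => 'drop',
    #     chain       => $chain,
    #   }
    # }

    # Log whatever hasn't been dealt with already.
    # NOTE(review): these LOG rules are not rate limited, so a burst of
    # unmatched packets is written to the kernel log one entry per packet.
    # Consider the firewall type's `limit`/`burst` parameters, and a
    # `log_prefix` so the entries are easy to pick out downstream.
    firewall { "998 Logging for ${chain}":
      jump  => 'LOG',
      proto => 'all',
      chain => $chain,
    }

    # Same for IPv6: without this rule the IPv6 catch-all below discards
    # traffic silently, leaving no record of what was dropped.
    firewall { "998 Logging for ${chain} for IPv6":
      jump     => 'LOG',
      proto    => 'all',
      chain    => $chain,
      provider => 'ip6tables',
    }

    # Drop everything else (default deny), IPv4 then IPv6.
    firewall { "999 drop all for ${chain}":
      proto  => 'all',
      action => 'drop',
      chain  => $chain,
    }

    firewall { "999 drop all for ${chain} for IPv6":
      proto    => 'all',
      action   => 'drop',
      chain    => $chain,
      provider => 'ip6tables',
    }
  }
}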