From a8640d35c6886627fbb4933c284e24e8889b637a Mon Sep 17 00:00:00 2001
From: ben
Date: Fri, 21 Jun 2024 14:07:32 +1000
Subject: [PATCH] remove default rules for testing
---
 manifests/firewall.pp | 50 +++++++++++++++++++++----------------------
 1 file changed, 25 insertions(+), 25 deletions(-)
diff --git a/manifests/firewall.pp b/manifests/firewall.pp
index e3af7b5..5703a2d 100644
--- a/manifests/firewall.pp
+++ b/manifests/firewall.pp
@@ -11,26 +11,26 @@
 }
 # Default firewall rules
- firewall { '000 accept all icmp':
- proto => 'icmp',
- jump => 'accept',
- }
- -> firewall { '001 accept all to lo interface':
- proto => 'all',
- iniface => 'lo',
- jump => 'accept',
- }
- -> firewall { '002 reject local traffic not on loopback interface':
- iniface => '! lo',
- proto => 'all',
- destination => '127.0.0.1/8',
- jump => 'reject',
- }
- -> firewall { '003 accept related established rules':
- proto => 'all',
- state => ['RELATED', 'ESTABLISHED'],
- jump => 'accept',
- }
+ # firewall { '000 accept all icmp':
+ # proto => 'icmp',
+ # jump => 'accept',
+ # }
+ # -> firewall { '001 accept all to lo interface':
+ # proto => 'all',
+ # iniface => 'lo',
+ # jump => 'accept',
+ # }
+ # -> firewall { '002 reject local traffic not on loopback interface':
+ # iniface => '! lo',
+ # proto => 'all',
+ # destination => '127.0.0.1/8',
+ # jump => 'reject',
+ # }
+ # -> firewall { '003 accept related established rules':
+ # proto => 'all',
+ # state => ['RELATED', 'ESTABLISHED'],
+ # jump => 'accept',
+ # }
 # Add rules for apache
 if $observium::manage_ssl {
 firewall { "50 Allow https access ${observium::apache_sslport}":
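Review bot: Commenting out rules 000–003 removes the loopback accept, the `RELATED`/`ESTABLISHED` accept and the reject for `127.0.0.1/8` traffic arriving on an interface other than `lo`, and nothing in this hunk limits that to a test environment. If a default-drop policy or purging of unmanaged firewall rules is configured elsewhere (not visible here), hosts converging on this commit would lose return traffic for their own outbound connections and lose the anti-spoofing protection for loopback services. Rather than leaving the resources as commented-out code, keep the chained block and wrap it in a boolean class parameter that defaults to true, for example `if $observium::<manage_default_rules_param> { … }` (placeholder name), so that testing without them is an explicit opt-out. The enclosing class starts before the hunk and the `if $observium::manage_ssl` block continues after it.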
@@ -40,11 +40,11 @@
 }
 } else {
- # firewall { "50 Allow http access ${observium::apache_port}":
- # dport => $observium::apache_port,
- # proto => 'tcp',
- # jump => 'accept',
- # }
+ firewall { "50 Allow http access ${observium::apache_port}":
+ dport => $observium::apache_port,
+ proto => 'tcp',
+ jump => 'accept',
+ }
 }
 # Ensure ssh is open
 firewall { '004 Allow inbound SSH':
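Review bot: The re-enabled `50 Allow http access` rule in the `else` branch accepts TCP on `$observium::apache_port` from any source, so with `manage_ssl` off the web interface, and presumably its logins, is reachable in cleartext from every network the host faces. Consider adding a `source => …` restriction fed from a class parameter, or at least a comment above the resource such as `# Plain HTTP: keep behind a trusted network or enable manage_ssl`. As a style point, this rule and the https one use the two-digit prefix `50` while the SSH rule uses `004`; a consistent three-digit prefix would make the rule ordering easier to read. The `if`/`else` block begins before the hunk and the `004 Allow inbound SSH` resource continues after it.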