add puppet rules

diff --git a/manifests/rules/out/puppet.pp b/manifests/rules/out/puppet.pp
new file mode 100644 (file)
index 0000000..5cd4643
--- /dev/null
+++ b/manifests/rules/out/puppet.pp
@@ -0,0 +1,12 @@
+class shorewall::rules::out::puppet {
+    include ::shorewall::rules::puppet
+    # we want to connect to the puppet server
+    shorewall::rule { 'me-net-puppet_tcp':
+        source          =>      '$FW',
+        destination     =>      'net:$PUPPETSERVER',
+        proto           =>      'tcp',
+        destinationport =>      '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT',
+        order           =>      340,
+        action          =>      'ACCEPT';
+    }
+}

diff --git a/manifests/rules/puppet.pp b/manifests/rules/puppet.pp
new file mode 100644 (file)
index 0000000..5b7e7b3
--- /dev/null
+++ b/manifests/rules/puppet.pp
@@ -0,0 +1,16 @@
+class shorewall::rules::puppet {
+  case $shorewall_puppetserver {
+    '': { $shorewall_puppetserver = "puppet.${domain}" } 
+  }
+  case $shorewall_puppetserver_port {
+    '': { $shorewall_puppetserver_port = '8140' }
+  }
+  case $shorewall_puppetserver_signport {
+    '': { $shorewall_puppetserver_signport = '8141' }
+  }
+  shorewall::param{
+        'PUPPETSERVER':             value => $shorewall_puppetserver;
+        'PUPPETSERVER_PORT':        value => $shorewall_puppetserver_port;
+        'PUPPETSERVER_SIGN_PORT':   value => $shorewall_puppetserver_signport;
+  }
+}

diff --git a/manifests/rules/puppet/master.pp b/manifests/rules/puppet/master.pp
new file mode 100644 (file)
index 0000000..8ef609f
--- /dev/null
+++ b/manifests/rules/puppet/master.pp
@@ -0,0 +1,11 @@
+class shorewall::rules::puppet::master {
+    include ::shorewall::rules::puppet
+    shorewall::rule { 'net-me-tcp_puppet-main':
+        source          => 'net',
+        destination     => '$FW',
+        proto           => 'tcp',
+        destinationport => '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT',
+        order           => 240,
+        action          => 'ACCEPT';
+    }
+}