From 1962d25c741017c086b8b9b53bcf5d85e71a9cdb Mon Sep 17 00:00:00 2001
From: Andreas Alvarsson <andal699@student.liu.se>
Date: Wed, 2 Nov 2016 11:56:55 +0100
Subject: [PATCH] Added firewall

---
 manifests/firewall.pp                  | 7 +++++++
 manifests/init.pp                      | 3 +++
 templates/55-permit-skadereg.rules.erb | 8 ++++++++
 3 files changed, 18 insertions(+)
 create mode 100644 manifests/firewall.pp
 create mode 100644 templates/55-permit-skadereg.rules.erb

diff --git a/manifests/firewall.pp b/manifests/firewall.pp
new file mode 100644
index 0000000..267ffb9
--- /dev/null
+++ b/manifests/firewall.pp
@@ -0,0 +1,7 @@
+class skadereg::firewall{
+	::server_firewall::constricto_chain{ 'skadereg': }
+	::server_firewall::rules_file { '55-permit-skadereg.rules':
+		content => template("${module_name}/55-permit-skadereg.rules.erb"),
+		require => ::Server_firewall::Constricto_chain['skadereg'],
+	}
+}
\ No newline at end of file
diff --git a/manifests/init.pp b/manifests/init.pp
index a2eff28..98db50c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -42,6 +42,8 @@
 #
 # Copyright 2016 Andreas Alvarsson
 #
+
+
 class skadereg {
   ::users::liu_user { 'andal699':
     commonname => 'Andreas Alvarsson',
@@ -49,6 +51,7 @@ class skadereg {
     sshkey     => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDCdb9hWgucRRTpDEH1ozBsWXfC+zTnZEO8rrnuqLlwIy23vEaUK7pJ9tQ7AzdR3+fp6yhWBNOlWC9UT70TnVClS1NfXGXHep0J0yWqNnyXcKviKpVB/p9TOVOULrRX9o3oczYxQa4Bi+eYUfk/en2V6O8tIfYtx5AdWUoofdLYNSpCyrHD1xoH7k1/c+OfW0S3fR5f12n/5u8JTHrztDnpy79CfEtwgMr1pCMjOaiM+OIDYlhNJMvlBo5C6mcDls93snctUR1Zef+sJEznb739uw91f5Yqf5FUBLxXCBi3eveJacBVRVg++ZPzyZ9VHIlBz3OPZ1WEjiM/IRJDBXD4I5MoxnM0Urv2wZBr0+G+1cS916KKraMuEfJHf2Qg4O3L3kZY2zNN5DqRmTx1BflTqe2XdPCCMQJiQi37WjE4fOGfNVsAR2VENhw/TMzc8bcagrrIzeBm3dA5e3R7nTfloPufU6IlIwI9qvCmdI2w0rE3Ve6KHtTzWszjsFtVeOzxVzYkG6GQlT1vr867Ayvx8SWE3GixHiIRByw4BEhFVJWNN/DBT88qd61StuIvWEawZ4WiTGNYfh2SVDIy9Jrcp7Nfg1knK1OtYr+wnjO9OrJtePfo0oo9xwQ3GfwCxni8YJKp40BmfWT/fpY9Pmup71adhaPxPHnELGOeVG/fGw==',
   }
 
+  include skadereg::firewall
   include ::apache
 
   class { '::apache::mod::php':
diff --git a/templates/55-permit-skadereg.rules.erb b/templates/55-permit-skadereg.rules.erb
new file mode 100644
index 0000000..81c7cf1
--- /dev/null
+++ b/templates/55-permit-skadereg.rules.erb
@@ -0,0 +1,8 @@
+require services
+
+policy skadereg chain skadereg is
+	accept service:http
+	accept service:https
+end policy
+
+append rule INPUT -j skadereg
\ No newline at end of file
-- 
GitLab