gotofirehelld

manifests/firewall.pp

 # Class for skadereg firewall
 class aim_control::firewall {
-  ::server_firewall::constricto_chain { 'skadereg': }
-  ::server_firewall::rules_file { '55-permit-skadereg.rules':
-    content => template("${module_name}/55-permit-skadereg.rules.erb"),
-    require => ::Server_firewall::Constricto_chain['skadereg'],
+  firewalld_rich_rule { 'Allow 33060 from liu ipv4':
+    ensure  => present,
+    zone    => 'liu',
+    source  => { 'ipset' => 'liu-nets_v4' },
+    port    => { 'port' => 33060, 'protocol' => 'tcp' },
+    action  => 'accept',
+  }
+  firewalld_rich_rule { 'Allow 33060 from liu ipv6':
+    ensure  => present,
+    zone    => 'liu',
+    source  => { 'ipset' => 'liu-nets_v6' },
+    port    => { 'port' => 33060, 'protocol' => 'tcp' },
+    action  => 'accept',
+  }
+  firewalld_rich_rule { 'Allow ssh from liu 10.243.0.0/16':
+    ensure  => present,
+    zone    => 'liu',
+    source  => '10.243.0.0/16',
+    service => 'ssh',
+    action  => 'accept',
+  }
+  firewalld_service { 'Allow https from liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'https',
+  }
+  firewalld_service { 'Allow http from liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'http',
+  }
+  firewalld_service { 'Allow https from public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'https',
+  }
+  firewalld_service { 'Allow http from public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'http',
   }
 }

templates/55-permit-skadereg.rules.erb

-require services
-
-policy skadereg chain skadereg is
-	accept service:http
-	accept service:https
-end policy
-
-append rule INPUT -j skadereg
-append rule INPUT -s class:liu-nets -p tcp --dport 33060:33060 -j ACCEPT
-
-
-# <%# Put installed file in view mode when opened with Emacs: -%>
-# <%= "Nota bene: Puppet managed file, all local changes will be reverted." %>
-# <%= "Local" %> <%= "variables:" %>
-# mode: view
-# <%= "End:" %>