Nils Olof Paulsson
--- a/manifests/firewall.pp

+ 40

− 4
+++ b/manifests/firewall.pp

+ 40

− 4
 # Class for skadereg firewall
 class aim_control::firewall {
-  ::server_firewall::constricto_chain { 'skadereg': }
-  ::server_firewall::rules_file { '55-permit-skadereg.rules':
-    content => template("${module_name}/55-permit-skadereg.rules.erb"),
-    require => ::Server_firewall::Constricto_chain['skadereg'],
+  firewalld_rich_rule { 'Allow 33060 from liu ipv4':
+    ensure  => present,
+    zone    => 'liu',
+    source  => { 'ipset' => 'liu-nets_v4' },
+    port    => { 'port' => 33060, 'protocol' => 'tcp' },
+    action  => 'accept',
+  }
+  firewalld_rich_rule { 'Allow 33060 from liu ipv6':
+    ensure  => present,
+    zone    => 'liu',
+    source  => { 'ipset' => 'liu-nets_v6' },
+    port    => { 'port' => 33060, 'protocol' => 'tcp' },
+    action  => 'accept',
+  }
+  firewalld_rich_rule { 'Allow ssh from liu 10.243.0.0/16':
+    ensure  => present,
+    zone    => 'liu',
+    source  => '10.243.0.0/16',
+    service => 'ssh',
+    action  => 'accept',
+  }
+  firewalld_service { 'Allow https from liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'https',
+  }
+  firewalld_service { 'Allow http from liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'http',
+  }
+  firewalld_service { 'Allow https from public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'https',
+  }
+  firewalld_service { 'Allow http from public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'http',
  }
 }