Commit 0495b549 authored by Jonathan Gazeley's avatar Jonathan Gazeley

Add support for adding firewall rules to clients

parent c8c38bb3
......@@ -10,6 +10,8 @@ define freeradius::client (
$netmask = undef,
$redirect = undef,
$port = undef,
$srcip = undef,
$firewall = false,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......@@ -24,4 +26,33 @@ define freeradius::client (
require => [File["${fr_basepath}/clients.d"], Group[$fr_group]],
notify => Service[$fr_service],
}
if $firewall {
if $port {
if $ip {
firewall { "100-${shortname}-${port}-v4":
proto => 'udp',
dport => $port,
action => 'accept',
source => $net ? {
undef => $ip,
default => "${ip}/${net}",
},
}
} elsif $ip6 {
firewall { "100-${shortname}-${port}-v6":
proto => 'udp',
dport => $port,
action => 'accept',
provider => 'ip6tables',
source => $net ? {
undef => $ip6,
default => "${ip6}/${net}",
},
}
}
} else {
fail('Must specify $port if you specify $firewall')
}
}
}
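Review bot: The `if $ip { … } elsif $ip6 { … }` chain inside `if $port` has no final `else`, so a client declared with `$firewall => true` and a `$port` but neither `$ip` nor `$ip6` compiles cleanly and creates no rule at all. A guard such as `if !$ip and !$ip6 { fail('Must specify $ip or $ip6 if you specify $firewall') }` would match the existing `$port` check. Because the second branch is an `elsif`, a client that sets both addresses (if the define allows that; its parameter list starts above the hunk) gets only the v4 rule, so a separate `if $ip6 { … }` block may be what is intended. `$port` and the `source` value reach the firewall resource unvalidated, and `$net` is not among the parameters visible here, so it is worth confirming that it is declared and that an overly wide prefix cannot open the RADIUS port to more hosts than the client entry names.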
......@@ -29,6 +29,10 @@
"name": "puppetlabs/stdlib",
"version_range": ">= 1.0.0"
},
{
"name": "puppetlabs/firewall",
"version_range": ">= 1.0.0"
},
{
"name": "jgazeley/syslog",
"version_range": ">= 0.1.0"
......