From 842a5bad4b1f931eb1381590939f3ee7843359ee Mon Sep 17 00:00:00 2001
From: Arne Teuke
Date: Mon, 5 May 2025 18:13:28 +0200
Subject: [PATCH] enable firewall
---
 manifests/firewall/iptables.pp | 17 +++++++++++++++++
 manifests/params.pp | 11 +++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 manifests/firewall/iptables.pp
diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
new file mode 100644
index 0000000..b2dd79f
--- /dev/null
+++ b/manifests/firewall/iptables.pp
@@ -0,0 +1,17 @@
+## jenkins_cd::firewall::iptables.pp
+# Module name: jenkins_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+# @summary Class manages Jenkins iptables
+##############################################################################
+class jenkins_cd::firewall::iptables (
+
+) inherits jenkins_cd::params {
+ if ($fqdn == $js_host_fqdn) and ($js_enable_fw == true) {
+ firewall { "${js_fw_rule}${js_jenkins_port} tcp port ${js_jenkins_port}":
+ proto => 'tcp',
+ source => $js_source_net,
+ dport => $js_jenkins_port,
+ jump => 'accept',
+ }
+ }
+}
diff --git a/manifests/params.pp b/manifests/params.pp
index 294e4da..1514701 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -4,6 +4,11 @@
 # @summary Class holds all parameters for the jenkins_cd module.
 # @param [array] reqpackages which packages to install
 # @param [string] pkg_ensure which packages to install
+# @param [string] js_host_fqdn fqdn of the host where Jenkins should run
+# @param [boolean] js_enable_fw whether to enable firewall control
+# @param [string] js_fw_rule the prefix for the firewall rule order
+# @param [string] js_jenkins_port the port to open for Jenkins
+# @param [string] js_source_net the source range to open
 ##############################################################################
 class jenkins_cd::params (
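Review bot: In manifests/firewall/iptables.pp the resource title `"${js_fw_rule}${js_jenkins_port} tcp port ${js_jenkins_port}"` joins the order prefix and the port with no separator, so with the defaults in params.pp the rule's leading digits are `5080` and they change whenever the port does. If the `firewall` type sorts rules by the title's leading number (presumably it comes from puppetlabs-firewall; confirm), the position of this accept relative to any drop or reject rule then depends on the port rather than on `js_fw_rule` alone. A title such as `"${js_fw_rule} accept tcp port ${js_jenkins_port}"` keeps the ordering under the one parameter documented for it. The class only ever adds an accept, and nothing visible in this patch sets a default-deny, so the header comment should state that the drop policy is expected to be managed elsewhere.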
@@ -13,6 +18,12 @@ class jenkins_cd::params (
 # server fqdn
 String $js_host_fqdn = 'jenkins.example.net',
+ # firewall
+ Boolean $js_enable_fw = true,
+ String $js_fw_rule = '50',
+ String $js_jenkins_port = '80',
+ String $js_source_net = '0.0.0.0/0',
+
 ) {
 # facts
 $fqdn = $facts['networking']['fqdn']
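Review bot: The new defaults `Boolean $js_enable_fw = true` and `String $js_source_net = '0.0.0.0/0'` mean that a node matching `js_host_fqdn` gets an accept rule for the Jenkins port from any IPv4 source without anyone having chosen that, and the default port `'80'` is plain HTTP. The rule that consumes them is in manifests/firewall/iptables.pp (`source => $js_source_net`). I would make the exposure an explicit decision by defaulting to `Boolean $js_enable_fw = false,`, and say in the `@param` line for `js_source_net` in the first params.pp hunk that the shipped value matches every address. The port and source are also plain `String`s; `Integer[1, 65535] $js_jenkins_port = 80,` would reject a mistyped port at compile time, assuming nothing else in the module relies on it being a String. The body of jenkins_cd::params continues outside the hunk.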