enable firewall

manifests/firewall/iptables.pp

@@ -0,0 +1,17 @@
+## jenkins_cd::firewall::iptables.pp
+# Module name: jenkins_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+# @summary Class manages Jenkins iptables
+##############################################################################
+class jenkins_cd::firewall::iptables (
+
+) inherits jenkins_cd::params {
+  if ($fqdn == $js_host_fqdn) and ($js_enable_fw == true) {
+    firewall { "${js_fw_rule}${js_jenkins_port} tcp port ${js_jenkins_port}":
+      proto  => 'tcp',
+      source => $js_source_net,
+      dport  => $js_jenkins_port,
+      jump   => 'accept',
+    }
+  }
+}

manifests/params.pp

@@ -4,6 +4,11 @@
 # @summary Class holds all parameters for the jenkins_cd module.
 # @param [array] reqpackages which packages to install
 # @param [string] pkg_ensure which packages to install
+# @param [string] js_host_fqdn fqdn of the host where Jenkins should run
+# @param [boolean] js_enable_fw whether to enable firewall control
+# @param [string] js_fw_rule the prefix for the firewall rule order
+# @param [string] js_jenkins_port the port to open for Jenkins
+# @param [string] js_source_net the source range to open
 ##############################################################################
 class jenkins_cd::params (
 
@@ -13,6 +18,12 @@ class jenkins_cd::params (
   # server fqdn
   String $js_host_fqdn    = 'jenkins.example.net',
 
+  # firewall
+  Boolean $js_enable_fw   = true,
+  String $js_fw_rule      = '50',
+  String $js_jenkins_port = '80',
+  String $js_source_net   = '0.0.0.0/0',
+
 ) {
   # facts
   $fqdn                   = $facts['networking']['fqdn']