diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
new file mode 100644
index 0000000..6d6b767
--- /dev/null
+++ b/manifests/firewall/iptables.pp
@@ -0,0 +1,35 @@
+## cd_nrpe::firewall::iptables.pp
+# Module name: cd_nrpe
+# Author: Arne Teuke (arne_teuke@ConfDroid.com)
+# # License:
+# This file is part of cd_nrpe.
+#
+# cd_nrpe is used for providing automatic configuration of NRPE.
+# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+# @summary manage firewall settings through cd_firewall or puppetlabs-firewall
+###############################################################################
+class cd_nrpe::firewall::iptables (
+
+) inherits cd_nrpe::params {
+
+ if $ne_incl_fw == true {
+
+ firewall { "${ne_fw_order_no}${ne_nrpe_port} tcp ${ne_nrpe_port}":
+ proto => ['tcp','udp'],
+ dport => $ne_nrpe_port',
+ action => 'accept',
+ }
+ }
+}
diff --git a/manifests/main/config.pp b/manifests/main/config.pp
index 5de9f5c..c703487 100644
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/manifests/main/dirs.pp b/manifests/main/dirs.pp
index cf50cee..5e7ef09 100644
--- a/manifests/main/dirs.pp
+++ b/manifests/main/dirs.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index cc817b8..19b999d 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/manifests/main/install.pp b/manifests/main/install.pp
index 9c912c6..1fd4d68 100644
--- a/manifests/main/install.pp
+++ b/manifests/main/install.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/manifests/main/service.pp b/manifests/main/service.pp
index 782b110..dcfcc70 100644
--- a/manifests/main/service.pp
+++ b/manifests/main/service.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -25,6 +24,10 @@ class cd_nrpe::main::service (
) inherits cd_nrpe::params {
+ if $ne_incl_fw == true {
+ require cd_nrpe::firewall::iptables
+ }
+
require cd_nrpe::main::files
service { $ne_service:
diff --git a/manifests/main/user.pp b/manifests/main/user.pp
index dc8e409..0544328 100644
--- a/manifests/main/user.pp
+++ b/manifests/main/user.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/manifests/params.pp b/manifests/params.pp
index 0c8add9..74f271d 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -83,6 +82,8 @@
# @param [string] ne_include_file include definitions from an external
# config file.
# @param [string] ne_include_dir
+# @param [string] ne_fw_order_no ordering prefix for he firewall rules. Adjust
+# to yoru environment if needed.
###############################################################################
class cd_nrpe::params (
@@ -125,7 +126,7 @@ $ne_include_file = '',
# firewall
$ne_incl_fw = true,
-
+$ne_fw_order_no = '50',
) {