manifests/firewall/iptables.pp

## puppet_cd::firewall::iptables.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary  Class manages firewall settings for the puppet_cd module.
###############################################################################
class puppet_cd::firewall::iptables (

) inherits puppet_cd::params {
  if $fqdn == $pt_pm_fqdn {
    firewall { '38140 open port 8140':
      proto => 'tcp',
      dport => '8140',
      jump  => 'accept',
    }
    firewall { '38443 open port 8443':
      proto => 'tcp',
      dport => '8443',
      jump  => 'accept',
    }
    if $pt_use_r10k_webhook == true {
      firewall { "3${pt_r10k_webhook_port} open port ${pt_r10k_webhook_port}":
        proto  => 'tcp',
        source => '10.0.1.0/24',
        dport  => $pt_r10k_webhook_port,
        jump   => 'accept',
      }
    }
  }
  if ($pt_puppetdb_fqdn == $fqdn) and ($pt_use_puppetdb == true) {
    firewall { "3${pt_https_port} open port ${pt_https_port}":
      proto => 'tcp',
      dport => $pt_https_port,
      jump  => 'accept',
    }
  }
}
fix firewall 2025-02-26 16:15:21 +01:00			`## puppet_cd::firewall::iptables.pp`
add iptables 2025-02-26 01:31:48 +01:00			`# Module name: puppet_cd`
			`# Author: Arne Teuke (arne_teuke@confdroid)`
			`# @summary Class manages firewall settings for the puppet_cd module.`
			`###############################################################################`
			`class puppet_cd::firewall::iptables (`

fix firewall 2025-02-26 16:15:21 +01:00			`) inherits puppet_cd::params {`
			`if $fqdn == $pt_pm_fqdn {`
add service and iptables 2025-02-26 01:44:56 +01:00			`firewall { '38140 open port 8140':`
fix firewall 2025-02-26 16:15:21 +01:00			`proto => 'tcp',`
			`dport => '8140',`
			`jump => 'accept',`
add service and iptables 2025-02-26 01:44:56 +01:00			`}`
			`firewall { '38443 open port 8443':`
fix firewall 2025-02-26 16:15:21 +01:00			`proto => 'tcp',`
			`dport => '8443',`
			`jump => 'accept',`
add service and iptables 2025-02-26 01:44:56 +01:00			`}`
finish webhook sections - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/284 2025-10-23 17:21:00 +02:00			`if $pt_use_r10k_webhook == true {`
move to webrick webhook - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/284 2025-10-26 14:22:29 +01:00			`firewall { "3${pt_r10k_webhook_port} open port ${pt_r10k_webhook_port}":`
add source - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/284 2025-10-26 15:31:02 +01:00			`proto => 'tcp',`
			`source => '10.0.1.0/24',`
			`dport => $pt_r10k_webhook_port,`
			`jump => 'accept',`
finish webhook sections - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/284 2025-10-23 17:21:00 +02:00			`}`
			`}`
add iptables 2025-02-26 01:31:48 +01:00			`}`
transfer parameters, iptables and service to puppet_cd - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/292 2025-11-01 16:38:56 +01:00			`if ($pt_puppetdb_fqdn == $fqdn) and ($pt_use_puppetdb == true) {`
			`firewall { "3${pt_https_port} open port ${pt_https_port}":`
			`proto => 'tcp',`
			`dport => $pt_https_port,`
			`jump => 'accept',`
			`}`
			`}`
add iptables 2025-02-26 01:31:48 +01:00			`}`