## confdroid_ssh::firewall::iptables.pp
# Module name: confdroid_ssh
# Author: 12ww1160 (12ww1160@confdroid.com)
# @summary Class manages firewall rules for SSH
##############################################################################
class confdroid_ssh::firewall::iptables (

) inherits confdroid_ssh::params {
  if $ssh_use_firewall == true {
    firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
      ensure => 'present',
      proto  => 'tcp',
      source => $ssh_source_range,
      dport  => $ssh_fw_port,
      jump   => 'accept',
    }
  else {
    firewall { "${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}":
      ensure => 'absent',
      proto  => 'tcp',
      source => $ssh_source_range,
      dport  => $ssh_fw_port,
      jump   => 'accept',
      }
    }
  }
}