From 916b1f0f97288db063cc8cec23a54d4253940d0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@hornquist.se>
Date: Tue, 29 Jun 2021 22:43:52 +0200
Subject: Firewall.

---
 modules/profiles/manifests/firewall.pp | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 modules/profiles/manifests/firewall.pp

(limited to 'modules/profiles/manifests')

diff --git a/modules/profiles/manifests/firewall.pp b/modules/profiles/manifests/firewall.pp
new file mode 100644
index 0000000..6c9d7e6
--- /dev/null
+++ b/modules/profiles/manifests/firewall.pp
@@ -0,0 +1,19 @@
+class profiles::firewall {
+	ensure_packages ([
+		'iptables-persistent',
+		'fail2ban',
+	], { ensure => installed })
+
+	file { '/etc/iptables/rules.v4':
+		source => 'puppet:///modules/profiles/firewall/rules.v4',
+	} ~> exec { 'reload firewall':
+		command => '/usr/share/netfilter-persistent/plugins.d/15-ip4tables restart',
+		refreshonly => true,
+	}
+
+	service { 'fail2ban':
+		ensure => running,
+		enable => true,
+	}
+
+}
-- 
cgit v1.2.3