class profiles::firewall {
	ensure_packages ([
		'iptables-persistent',
		'fail2ban',
	], { ensure => installed })

	file { '/etc/iptables/rules.v4':
		source => 'puppet:///modules/profiles/firewall/rules.v4',
	} ~> exec { 'reload firewall':
		command => '/usr/share/netfilter-persistent/plugins.d/15-ip4tables restart',
		refreshonly => true,
	}

	service { 'fail2ban':
		ensure => running,
		enable => true,
	}

}