Merge pull request #23 from rehanone/develop/ferm-as-firewall

- Apply firewall rules if `ferm` is defined as firewall manager. It u…
rehanone · May 6, 2020 · c30a6c7 · c30a6c7
2 parents f4f4f32 + 794be5c
commit c30a6c7
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 15 deletions.
diff --git a/manifests/firewall.pp b/manifests/firewall.pp
@@ -2,12 +2,23 @@
 
   assert_private("Use of private class ${name} by ${caller_module_name}")
 
-  if $nginx::firewall_manage and defined('::firewall') {
+  if $nginx::firewall_manage {
     $nginx::service_ports.each |$port, $proto| {
-      firewall { "${port} Allow inbound ${proto} connection on port: ${port}":
-        dport  => $port,
-        proto  => $proto,
-        action => accept,
+      if defined('::firewall') {
+        firewall { "${port} - NGINX - Allow inbound ${proto} connection on port: ${port}":
+          dport  => $port,
+          proto  => $proto,
+          action => accept,
+        }
+      }
+
+      if defined('::ferm') {
+        ferm::rule { "NGINX - Allow inbound ${proto} connection on port: ${port}":
+          chain  => 'INPUT',
+          proto  => $proto,
+          dport  => "(${port})",
+          action => 'ACCEPT',
+        }
       }
     }
   }

diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml