Merge branch 'firewalld-zone'

yakirgb · May 15, 2017 · c23561d · c23561d
2 parents de78078 + a9907a5
commit c23561d
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/manifests/firewalld.pp b/manifests/firewalld.pp
@@ -5,6 +5,17 @@
 class scylla::firewalld {
 
   if $::scylla::manage_firewall {
+
+    if $::scylla::create_firewall_zone {
+      firewalld_zone{ $::scylla::firewall_zone_name:
+        ensure           => present,
+        target           => '%%REJECT%%',
+        interfaces       => $::scylla::firewall_interface,
+        purge_rich_rules => true,
+        purge_services   => true,
+        purge_ports      => true,
+      }
+    }
     firewalld::custom_service{'scylla':
       short => 'scylla',
       port  => [
@@ -43,10 +54,10 @@
       ]
     }
 
-    -> firewalld_service{ 'Allow scylla access from the internal zone':
+    -> firewalld_service{ "Allow scylla access from the ${::scylla::firewall_zone_name} zone":
       ensure  => 'present',
       service => 'scylla',
-      zone    => 'internal'
+      zone    => $::scylla::firewall_zone_name,
     }
   }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -37,6 +37,9 @@
   $jmx_port                             = $scylla::params::jmx_port,
   $node_exporter_port                   = $scylla::params::node_exporter_port,
   $manage_firewall                      = $scylla::params::manage_firewall,
+  $create_firewall_zone                 = $scylla::params::create_firewall_zone,
+  $firewall_zone_name                   = $scylla::params::firewall_zone_name,
+  $firewall_interface                   = $scylla::params::firewall_interface,
 
   ) inherits scylla::params {
 

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -51,5 +51,8 @@
 
   # Manage firewall
   $manage_firewall                     = true
+  $create_firewall_zone                = false
+  $firewall_zone_name                  = 'restricted'
+  $firewall_interface                  = 'bond0'
 
 }