Puppet Class: krb5::kdc::firewall
- Defined in:
- manifests/kdc/firewall.pp
Summary
Set up the firewall for the KDC
Overview
**NOTE: THIS IS A [PRIVATE](https://github.com/puppetlabs/puppetlabs-stdlib#assert_private) CLASS**
# File 'manifests/kdc/firewall.pp', line 29
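# Opens the host firewall for the Kerberos KDC and, optionally, for kadmind.
#
# Every rule declared here is restricted to $trusted_nets, so that single
# list decides which networks can reach the KDC ports as well as the kadmind
# password-change and administration ports.
#
# @param kdc_ports
#   UDP ports opened for the KDC. No UDP rule is declared when empty.
# @param kdc_tcp_ports
#   TCP ports opened for the KDC. No TCP rule is declared when empty.
# @param trusted_nets
#   Source networks allowed through every rule in this class.
# @param allow_kadmind
#   Whether to open the kadmind ports at all. Defaults to true.
# @param kadmind_udp_ports
#   UDP ports opened for kadmind. No UDP rule is declared when empty.
# @param kadmind_tcp_ports
#   TCP ports opened for kadmind. No TCP rule is declared when empty.
class krb5::kdc::firewall (
  Array[Simplib::Port] $kdc_ports         = $krb5::kdc::config::kdc_ports,
  Array[Simplib::Port] $kdc_tcp_ports     = $krb5::kdc::config::kdc_tcp_ports,
  Simplib::Netlist     $trusted_nets      = $krb5::kdc::config::_trusted_nets,
  Boolean              $allow_kadmind     = true,
  Array[Simplib::Port] $kadmind_udp_ports = [464],
  Array[Simplib::Port] $kadmind_tcp_ports = [464, 749]
) {
  # Private class: only other classes in this module may declare it.
  assert_private()

  # simp/iptables is an optional dependency; assert it is available before
  # any of its defined types are used below.
  simplib::assert_optional_dependency($module_name, 'simp/iptables')

  include 'iptables'

  if !empty($kdc_tcp_ports) {
    iptables::listen::tcp_stateful { 'allow_kdc':
      order        => 11,
      trusted_nets => $trusted_nets,
      dports       => $kdc_tcp_ports
    }
  }

  if !empty($kdc_ports) {
    iptables::listen::udp { 'allow_kdc':
      order        => 11,
      trusted_nets => $trusted_nets,
      dports       => $kdc_ports
    }
  }

  if $allow_kadmind {
    # The ports for kadmind. The defaults, 464 and 749, are the standard
    # kpasswd and kadmin ports.
    #
    # NOTE(review): kadmind is opened by default and to the same
    # $trusted_nets as the KDC itself. Where administration happens from
    # only a few hosts, confirm that exposure is intended; set
    # allow_kadmind to false on KDCs that do not run kadmind.
    #
    # Each rule is skipped when its port list is empty, matching the KDC
    # rules above. NOTE(review): how iptables::listen::* treats an empty
    # dports list is not visible from this class, so a rule with no port
    # restriction is never handed to it -- confirm against simp/iptables.
    if !empty($kadmind_udp_ports) {
      iptables::listen::udp { 'allow_kadmind':
        order        => 11,
        trusted_nets => $trusted_nets,
        dports       => $kadmind_udp_ports
      }
    }

    if !empty($kadmind_tcp_ports) {
      iptables::listen::tcp_stateful { 'allow_kadmind':
        order        => 11,
        trusted_nets => $trusted_nets,
        dports       => $kadmind_tcp_ports
      }
    }
  }
}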