Allowing all from some addresses

seocam · seocam · commit 6953eb6bbec7 · 2014-03-06T11:48:07.000-03:00
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -1,4 +1,7 @@
-class dofirewall {
+class dofirewall (
+  $allow_all_from = [],
+) {
+
   include dofirewall::pre
   include dofirewall::post
   include firewall
@@ -20,7 +23,19 @@
 
   Firewall <<| |>>
 
-  firewall { "101 accept ssh from anywhere":
+  define allow_all_from {
+    firewall { "101 accept all from $title":
+      proto  => 'all',
+      action => 'accept',
+      source => $title,
+    }
+  }
+
+  if ($allow_all_from) {
+    allow_all_from { $allow_all_from: }
+  }
+
+  firewall { "102 accept ssh from anywhere":
     proto  => 'tcp',
     port   => 22,
     action => 'accept',
