Untitled

define iptables::rule($ports, $protocol="tcp", $ensure="permit", $roles=undef,
                      $sources=undef) {
  include iptables

  # Validate $ensure
  case $ensure {
    "permit": { $target = "ACCEPT" }
    "reject": { $target = "REJECT" }
    "drop": { $target = "DROP" }
    default: { fail("Invalid value ensure => '$ensure' for Iptables::Rule[$name]. Must be permit, reject, or drop") }
  }

  # Validate $protocol
  case $protocol {
    "tcp", "icmp", "udp": { }
    default: { fail("Invalid value protocol => '$protocol' for Iptables::Rule[$name]. Must be tcp, icmp, or udp") }
  }

  # If no roles or sources are specified, default to 'any'
  if $roles == undef and $sources == undef {
    $any_source = true
  } else {
    $any_source = false
  }

  file {
    "/etc/iptables.d/iptables.$name":
      ensure => file,
      content => template("iptables/rule.erb");
  }
}