Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- bundle agent firewall_iptables_config {
- vars:
- "template" string => "$(sipx.SIPX_CONFDIR)/firewall/iptables.erb";
- "post_erb" string => "$(sipx.SIPX_TMPDIR)/iptables.post_erb";
- "iptables" string => "$(sipx.SIPX_TMPDIR)/iptables";
- "unapplied" string => "$(sipx.SIPX_TMPDIR)/iptables.unapplied";
- "data" string => "$(sipx.SIPX_CFDATA)/$(sipx.location_id)/firewall.yaml";
- classes:
- "apply_iptables" expression => fileexists("$(unapplied)");
- files:
- any::
- "$(post_erb)"
- comment => "Preprocess fireall template $(this.promiser)",
- create => "true",
- transformer => "$(sipx.SIPX_LIBEXECDIR)/sipx-config-maker \
- --in $(data) --out $(post_erb) --template $(template)";
- "$(iptables)"
- comment => "Installing iptables config $(this.promoiser)",
- perms => mog("0644","root","root"),
- create => "true",
- edit_defaults => empty,
- edit_line => expand_template("$(post_erb)"),
- classes => if_repaired("new_iptables");
- new_iptables::
- "$(unapplied)"
- create => "true",
- comment => "Outstanding iptables to install",
- copy_from => local_cp("$(iptables)"),
- classes => if_repaired("apply_iptables");
- commands:
- apply_iptables.!unmanaged_firewall::
- "/sbin/iptables-restore"
- comment => "Install new firewall rules",
- contain => in_shell,
- args => "< $(unapplied) && /etc/init.d/iptables save && rm $(unapplied)";
- }
Add Comment
Please, Sign In to add comment