notifies :restart, "service[shorewall]"
end
+template "/etc/shorewall/conntrack" do
+ source "shorewall-conntrack.erb"
+ owner "root"
+ group "root"
+ mode 0o644
+ notifies :restart, "service[shorewall]"
+end
+
template "/etc/shorewall/policy" do
source "shorewall-policy.erb"
owner "root"
rate_limit "s:1/sec:5"
end
-%w[ucl ic bm aws].each do |zone|
+%w[ucl ams bm].each do |zone|
firewall_rule "accept-openvpn-#{zone}" do
action :accept
- family :inet
source zone
dest "fw"
proto "udp"
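Review bot: With `family :inet` removed from the `accept-openvpn-#{zone}` rule, the accept presumably now applies to IPv6 as well as IPv4, though the resource's default family is not visible in this hunk. Please confirm that OpenVPN is meant to be reachable over IPv6 from `ucl`, `ams` and `bm`, and that all three zones are defined for shorewall6. If not, the rule could open a path nobody intended, or leave the IPv6 ruleset referring to an unknown zone when it is restarted. A one-line comment above the loop, for example `# OpenVPN peers connect over both IPv4 and IPv6, so no family restriction`, would record the intent for the next reviewer. The `firewall_rule` block continues past the end of the hunk, so the destination port could not be checked here.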
notifies :restart, "service[shorewall6]"
end
+ template "/etc/shorewall6/conntrack" do
+ source "shorewall-conntrack.erb"
+ owner "root"
+ group "root"
+ mode 0o644
+ notifies :restart, "service[shorewall6]"
+ end
+
template "/etc/shorewall6/policy" do
source "shorewall-policy.erb"
owner "root"