Changes


ReleaseEngineering/PuppetAgain/Modules/fw

1,043 bytes added, 21:44, 21 August 2017
Add naming standards for roles
}
'''Note:''' the ssh role is a logging role, so it logs connections in addition to allowing them.
 
=== Naming Standards ===
Good, consistent naming practices keep firewall policies easy to read, understand and follow.<br />
===== Role template =====
A role should be named ''<type_of_traffic>_from_<name_of_source>.pp''. For example, 'nrpe_from_nagios.pp'.<br />
Just like any other Puppet manifest, the file should start with the MPL 2.0 license header.<br />
The class within should match the filename.<br />
Make sure to '''include fw::networks'''<br />
Each fw::rule resource should be titled ''allow_<service_type>_from_<name_of_source>''. For example:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 class fw::roles::nrpe_from_nagios {
     include fw::networks
     fw::rules { 'allow_nrpe_from_nagios':
         sources => $::fw::networks::nagios,
         app     => 'nrpe'
     }
 }
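The naming standards above can be checked mechanically before a role is merged. The following is an added example, not part of PuppetAgain: the function name <code>lint_role</code> is hypothetical, and it uses regular expressions on the manifest text rather than a real Puppet parser.

```python
import re

MPL_FIRST_LINE = "# This Source Code Form is subject to the terms of the Mozilla Public"
NAME = r"[a-z0-9_]+_from_[a-z0-9_]+"
# The page writes both fw::rule (prose) and fw::rules (example), so accept either.
RULE_TITLE = re.compile(r"fw::rules?\s*\{\s*'([^']*)'")

def lint_role(filename, manifest):
    """Return the naming-standard violations found in one role manifest."""
    problems = []
    stem = filename[:-3] if filename.endswith(".pp") else filename
    if not re.fullmatch(NAME + r"\.pp", filename):
        problems.append("filename is not <type_of_traffic>_from_<name_of_source>.pp")
    if not manifest.lstrip().startswith(MPL_FIRST_LINE):
        problems.append("missing MPL 2.0 license header")
    classes = re.findall(r"^\s*class\s+([\w:]+)", manifest, re.M)
    if classes != ["fw::roles::" + stem]:
        problems.append("class is not fw::roles::" + stem)
    if not re.search(r"^\s*include\s+fw::networks\s*$", manifest, re.M):
        problems.append("fw::networks is not included")
    titles = RULE_TITLE.findall(manifest)
    if not titles:
        problems.append("no fw rule resource declared")
    for title in titles:
        if not re.fullmatch("allow_" + NAME, title):
            problems.append("rule title '%s' is not allow_<service_type>_from_<name_of_source>" % title)
    return problems

# The role shown on this page, and a constructed role that breaks several rules.
GOOD = """\
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
class fw::roles::nrpe_from_nagios {
    include fw::networks
    fw::rules { 'allow_nrpe_from_nagios':
        sources => $::fw::networks::nagios,
        app     => 'nrpe'
    }
}
"""
BAD = """\
class fw::roles::nagios_nrpe {
    fw::rules { 'nrpe':
        sources => $::fw::networks::nagios,
        app     => 'nrpe'
    }
}
"""
```

Calling <code>lint_role("nrpe_from_nagios.pp", GOOD)</code> returns an empty list, while <code>lint_role("nagios_nrpe.pp", BAD)</code> reports the filename, the missing header, the missing include and the rule title.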
 
 
=== Using profiles ===