Remove IRCbot manifest and add IPv6 http/https outgoing fw rule

droidwiki · Feb 21, 2019 · fffc392 · fffc392
1 parent 9250271
commit fffc392
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 11 deletions.
diff --git a/manifests/site.pp b/manifests/site.pp
@@ -7,7 +7,6 @@
     isslave => true,
   }
   include role::mailserver
-  include role::ircbot
   include role::puppetmaster
   include role::deploymenthost
   class { 'certbot':

diff --git a/modules/droidwiki/manifests/default.pp b/modules/droidwiki/manifests/default.pp
@@ -89,24 +89,56 @@
     action => 'accept',
   }
 
+  firewall { '300 accept outgoing https traffic IPv6':
+    proto    => 'tcp',
+    sport    => '443',
+    chain    => 'OUTPUT',
+    action   => 'accept',
+    provider => 'ip6tables',
+  }
+
   firewall { '301 accept outgoing https traffic':
     proto  => 'tcp',
     dport  => '443',
     chain  => 'OUTPUT',
     action => 'accept',
   }
 
+  firewall { '301 accept outgoing https traffic IPv6':
+    proto    => 'tcp',
+    dport    => '443',
+    chain    => 'OUTPUT',
+    action   => 'accept',
+    provider => 'ip6tables',
+  }
+
   firewall { '302 accept outgoing http traffic':
     proto  => 'tcp',
     dport  => '80',
     chain  => 'OUTPUT',
     action => 'accept',
   }
 
+  firewall { '302 accept outgoing http traffic IPv6':
+    proto    => 'tcp',
+    dport    => '80',
+    chain    => 'OUTPUT',
+    action   => 'accept',
+    provider => 'ip6tables',
+  }
+
   firewall { '303 accept outgoing http traffic':
     proto  => 'tcp',
     sport  => '80',
     chain  => 'OUTPUT',
     action => 'accept',
   }
+
+  firewall { '303 accept outgoing http traffic IPv6':
+    proto    => 'tcp',
+    sport    => '80',
+    chain    => 'OUTPUT',
+    action   => 'accept',
+    provider => 'ip6tables',
+  }
 }
diff --git a/modules/role/manifests/ircbot.pp b/modules/role/manifests/ircbot.pp