## puppet_cd::firewall::iptables.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary  Class manages firewall settings for the puppet_cd module.
###############################################################################
class puppet_cd::firewall::iptables (

) inherits puppet_cd::params {
  if $fqdn == $pt_pm_fqdn {
    firewall { '38140 open port 8140':
      proto => 'tcp',
      dport => '8140',
      jump  => 'accept',
    }
    firewall { '38443 open port 8443':
      proto => 'tcp',
      dport => '8443',
      jump  => 'accept',
    }
    if $pt_use_r10k_webhook == true {
      firewall { '38080 open port 8080':
        proto => 'tcp',
        dport => '8080',
        jump  => 'accept',
      }
    }
  }

  if $fqdn == $pt_db_fqdn {
    if $pt_use_ssl_only != true {
      firewall { "3${pt_no_ssl_port} open port ${pt_no_ssl_port}":
        proto => 'tcp',
        dport => $pt_no_ssl_port,
        jump  => 'accept',
      }
      firewall { "3${pt_ssl_port} open port ${pt_ssl_port}":
        proto => 'tcp',
        dport => $pt_ssl_port,
        jump  => 'accept',
      }
    }

    if $pt_use_ssl_only == true {
      firewall { "3${pt_ssl_port} open port ${pt_ssl_port}":
        proto => 'tcp',
        dport => $pt_ssl_port,
        jump  => 'accept',
      }
    }
  }
}