## puppet_cd::firewall::iptables.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary  Class manages firewall settings for the puppet_cd module.
###############################################################################
class puppet_cd::firewall::iptables (

) inherits puppet_cd::params {
  if $fqdn == $pt_pm_fqdn {
    firewall { '38140 open port 8140':
      proto => 'tcp',
      dport => '8140',
      jump  => 'accept',
    }
    firewall { '38443 open port 8443':
      proto => 'tcp',
      dport => '8443',
      jump  => 'accept',
    }
    if $pt_use_r10k_webhook == true {
      firewall { "3${pt_r10k_webhook_port} open port ${pt_r10k_webhook_port}":
        proto  => 'tcp',
        source => '10.0.1.0/24',
        dport  => $pt_r10k_webhook_port,
        jump   => 'accept',
      }
    }
  }
  if ($pt_puppetdb_fqdn == $fqdn) and ($pt_use_puppetdb == true) {
    firewall { "3${pt_https_port} open port ${pt_https_port}":
      proto => 'tcp',
      dport => $pt_https_port,
      jump  => 'accept',
    }
  }
}