From 957a441bc12859767fd440e20746b21870de52a9 Mon Sep 17 00:00:00 2001 From: Mathias Lang Date: Mon, 10 Jun 2024 13:56:49 +0200 Subject: [PATCH] Only include 'firewall' module when necessary If the user is not using an open SSL port or an open HTTP port, we don't need to include this module. --- manifests/server/firewall.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp index 4330e053..20d86e6f 100644 --- a/manifests/server/firewall.pp +++ b/manifests/server/firewall.pp @@ -7,9 +7,9 @@ $ssl_port = $puppetdb::params::ssl_listen_port, $open_ssl_port = $puppetdb::params::open_ssl_listen_port, ) inherits puppetdb::params { - include firewall - if ($open_http_port) { + include firewall + firewall { "${http_port} accept - puppetdb": dport => $http_port, proto => 'tcp', @@ -18,6 +18,8 @@ } if ($open_ssl_port) { + include firewall + firewall { "${ssl_port} accept - puppetdb": dport => $ssl_port, proto => 'tcp',