X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/efbe5b137d7f15040496b8f3c13969597c5972b3..93278775f0877b33c24e18cc9fa837c315d95fcc:/scripts/domtool-publish?pf=hcoop
diff --git a/scripts/domtool-publish b/scripts/domtool-publish
index cd5e196..3450703 100755
--- a/scripts/domtool-publish
+++ b/scripts/domtool-publish
@@ -95,6 +95,26 @@ case $1 in
 # rules?
 /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
 /etc/init.d/ferm reload
+ ;;
+ firewallpuppet)
+ # new firewall publishing method that integrates with puppet (sort of)
+ /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
+ if [ ! -d /etc/puppetlabs ]; then
+ # legacy node
+ /etc/init.d/ferm reload
+ exit
+ fi
+ if ( /usr/sbin/ferm --noexec /etc/ferm/ferm.conf ); then
+ for chain in FERM-INPUT FERM-OUTPUT; do
+ /sbin/iptables -F $chain
+ /sbin/ip6tables -F $chain
+
+ /usr/sbin/ferm --domain ip --noexec --lines /etc/ferm/ferm.conf | iptables-restore --noflush
+ /usr/sbin/ferm --domain ip6 --noexec --lines /etc/ferm/ferm.conf | ip6tables-restore --noflush
+ done
+ else
+ echo "firewall: ferm failed, aborting regeneration."
+ fi
 ;;
 *)
 echo "Usage: domtool-publish [apache|bind|courier|exim|mailman|smtplog STRING|users|firewall]"
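Review bot: The two `ferm --lines ... | iptables-restore --noflush` pipelines sit inside the `for chain in FERM-INPUT FERM-OUTPUT` loop, so the full ruleset is generated and loaded twice per address family, and on the first pass it is loaded while FERM-OUTPUT has not yet been flushed. Unless that placement is deliberate, keep only the two `-F "$chain"` lines in the loop and run the restore pipelines once after `done`. Neither pipeline's status is checked, so a restore that fails after `iptables -F` leaves the chains empty while the arm still ends successfully; at minimum append `|| exit 1` to each restore line, bearing in mind that this only sees the status of `iptables-restore`, not of `ferm`. The `else` branch reports the failure on stdout and ends with echo's success status even though the new `.conf` files were already copied into `/etc/ferm/`; `echo "firewall: ferm failed, aborting regeneration." >&2; exit 1` would let the caller notice. The enclosing `case` statement starts and continues outside the hunk.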