added support for "limited" service levels (although vpn is not yet actually rate limited).

author: elijah <elijah@riseup.net> 2013-03-17 13:15:51 -0700
committer: elijah <elijah@riseup.net> 2013-03-17 13:15:51 -0700
commit: ad62cfdad04c8f8ed9d6454f716c92e850ac53ba (patch)
tree: c4321297d2b60edc37ca10501340cb865d95bfa5 /puppet/modules/site_shorewall/manifests/dnat_rule.pp
parent: 4ec32a1f773918b2c7a42c117fbad110c07df458 (diff)
1 files changed, 21 insertions, 19 deletions
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
index 0b4370df..e1ea86ec 100644
--- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp
+++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
@@ -2,30 +2,32 @@ define site_shorewall::dnat_rule {
 
   $port = $name
   if $port != 1194 {
-    shorewall::rule {
-        "dnat_tcp_port_$port":
-          action          => 'DNAT',
-          source          => 'net',
-          destination     => "\$FW:${site_openvpn::openvpn_gateway_address}:1194",
-          proto           => 'tcp',
-          destinationport => $port,
-          order           => 100;
-    }
-    shorewall::rule {
-        "dnat_udp_port_$port":
-          action          => 'DNAT',
-          source          => 'net',
-          destination     => "\$FW:${site_openvpn::openvpn_gateway_address}:1194",
-          proto           => 'udp',
-          destinationport => $port,
-          order           => 100;
+    if $site_openvpn::openvpn_allow_paid {
+      shorewall::rule {
+          "dnat_tcp_port_$port":
+            action          => 'DNAT',
+            source          => 'net',
+            destination     => "\$FW:${site_openvpn::paid_gateway_address}:1194",
+            proto           => 'tcp',
+            destinationport => $port,
+            order           => 100;
+      }
+      shorewall::rule {
+          "dnat_udp_port_$port":
+            action          => 'DNAT',
+            source          => 'net',
+            destination     => "\$FW:${site_openvpn::paid_gateway_address}:1194",
+            proto           => 'udp',
+            destinationport => $port,
+            order           => 100;
+      }
     }
     if $site_openvpn::openvpn_allow_free {
       shorewall::rule {
           "dnat_free_tcp_port_$port":
             action          => 'DNAT',
             source          => 'net',
-            destination     => "\$FW:${site_openvpn::openvpn_free_gateway_address}:1194",
+            destination     => "\$FW:${site_openvpn::free_gateway_address}:1194",
             proto           => 'tcp',
             destinationport => $port,
             order           => 100;
@@ -34,7 +36,7 @@ define site_shorewall::dnat_rule {
           "dnat_free_udp_port_$port":
             action          => 'DNAT',
             source          => 'net',
-            destination     => "\$FW:${site_openvpn::openvpn_free_gateway_address}:1194",
+            destination     => "\$FW:${site_openvpn::free_gateway_address}:1194",
             proto           => 'udp',
             destinationport => $port,
             order           => 100;
author	elijah <elijah@riseup.net>	2013-03-17 13:15:51 -0700
committer	elijah <elijah@riseup.net>	2013-03-17 13:15:51 -0700
commit	ad62cfdad04c8f8ed9d6454f716c92e850ac53ba (patch)
tree	c4321297d2b60edc37ca10501340cb865d95bfa5 /puppet/modules/site_shorewall/manifests/dnat_rule.pp
parent	4ec32a1f773918b2c7a42c117fbad110c07df458 (diff)