diff options
| author | Micah Anderson <micah@riseup.net> | 2013-07-09 16:43:39 +0100 |
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2013-07-09 16:43:39 +0100 |
| commit | b4077083b971377636754b2988668a6ddd384da5 (patch) | |
| tree | b8e358b5f0f6dfa882d31d7446266111bc0d201b /puppet/modules/site_shorewall/manifests/dnat_rule.pp | |
| parent | 625aaa11138bba365958391664299692402f8da4 (diff) | |
| parent | 672154a8322901b86c9882854234eae53221a38e (diff) | |
Merge remote-tracking branch 'origin/develop'0.2.2
Conflicts:
provider_base/services/webapp.json
Diffstat (limited to 'puppet/modules/site_shorewall/manifests/dnat_rule.pp')
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/dnat_rule.pp | 55 |
1 files changed, 38 insertions, 17 deletions
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp index 68f480d8..aa298408 100644 --- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp +++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp @@ -2,24 +2,45 @@ define site_shorewall::dnat_rule { $port = $name if $port != 1194 { - shorewall::rule { - "dnat_tcp_port_$port": - action => 'DNAT', - source => 'net', - destination => "\$FW:${site_openvpn::openvpn_gateway_address}:1194", - proto => 'tcp', - destinationport => $port, - order => 100; + if $site_openvpn::openvpn_allow_unlimited { + shorewall::rule { + "dnat_tcp_port_$port": + action => 'DNAT', + source => 'net', + destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194", + proto => 'tcp', + destinationport => $port, + order => 100; + } + shorewall::rule { + "dnat_udp_port_$port": + action => 'DNAT', + source => 'net', + destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194", + proto => 'udp', + destinationport => $port, + order => 100; + } } - - shorewall::rule { - "dnat_udp_port_$port": - action => 'DNAT', - source => 'net', - destination => "\$FW:${site_openvpn::openvpn_gateway_address}:1194", - proto => 'udp', - destinationport => $port, - order => 100; + if $site_openvpn::openvpn_allow_limited { + shorewall::rule { + "dnat_free_tcp_port_$port": + action => 'DNAT', + source => 'net', + destination => "\$FW:${site_openvpn::limited_gateway_address}:1194", + proto => 'tcp', + destinationport => $port, + order => 100; + } + shorewall::rule { + "dnat_free_udp_port_$port": + action => 'DNAT', + source => 'net', + destination => "\$FW:${site_openvpn::limited_gateway_address}:1194", + proto => 'udp', + destinationport => $port, + order => 100; + } } } } |