author | varac <varacanero@zeromail.org> | 2012-10-08 21:54:34 +0200 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2012-10-08 21:54:34 +0200 |
commit | e373def213a4e55c37c7940195ea9cd33e604f2d (patch) | |
tree | 0cac87652eb995f377f182a6e0843671bc98bc21 /puppet/modules/site_shorewall/manifests/eip.pp | |
parent | a2fdea96778a01acabf9f1e40cc8cc295520cd61 (diff) |
+ site_shorewall::eip
Diffstat (limited to 'puppet/modules/site_shorewall/manifests/eip.pp')
-rw-r--r-- | puppet/modules/site_shorewall/manifests/eip.pp | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
new file mode 100644
index 00000000..bfa77206
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -0,0 +1,42 @@
+class site_shorewall::eip {
+
+ # be safe for development
+ $shorewall_startup='0'
+
+ include site_shorewall::defaults
+
+ shorewall::interface {'tun0':
+ zone => 'eip',
+ rfc1918 => $shorewall_rfc1918_maineth,
+ options => 'tcpflags,blacklist,nosmurfs'; }
+ shorewall::zone {'eip':
+ type => 'ipv4'; }
+ shorewall::routestopped {'eth0':
+ interface => 'eth0'; }
+
+ shorewall::policy {
+ 'all-to-all':
+ sourcezone => 'all',
+ destinationzone => 'all',
+ policy => 'DROP',
+ order => 200;
+ }
+
+ shorewall::rule {
+ 'all2all-ping':
+ source => 'all',
+ destination => 'all',
+ action => 'Ping(ACCEPT)',
+ order => 200;
+ 'all2all-ssh':
+ source => 'all',
+ destination => 'all',
+ action => 'SSH(ACCEPT)',
+ order => 200;
+ 'all2all-openvpn':
+ source => 'all',
+ destination => 'all',
+ action => 'OpenVPN(ACCEPT)',
+ order => 200;
+ }
+} |
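Review bot: The three `shorewall::rule` entries accept ping, SSH and OpenVPN with `source => 'all'` and `destination => 'all'`, which in Shorewall covers every zone pair, so the `all-to-all` DROP policy is bypassed for SSH from the `eip` zone (VPN clients on `tun0`) to the firewall and on forwarded paths as well as for the gateway's own uplink. Scoping each rule to what the gateway actually serves would be tighter, for example `source => 'net', destination => '$FW',` for SSH and OpenVPN, assuming `site_shorewall::defaults` defines a `net` zone (not visible in this file). Separately, `$shorewall_startup='0'` is hard-coded and presumably keeps Shorewall from starting at all; exposing it as a class parameter with a comment such as `# TODO: must be '1' outside development, otherwise none of the rules below are enforced` would keep the development default from reaching a production node unnoticed.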