| author | elijah <elijah@riseup.net> | 2013-02-27 23:46:58 -0800 | 
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2013-02-27 23:46:58 -0800 | 
| commit | ffb88e54c5e4e30fa61ea1009f3eee62f98ab17c (patch) | |
| tree | 0d28846e9de15d7580b3b232aac16e2f4e8cb6e4 /puppet/modules/site_shorewall | |
| parent | 5f8b63892ec9d08471a43ac642ed8f291d27c4f5 (diff) | |
openvpn -- added support for optional "free" rate-limited service via special client certificates with the FREE prefix in the common name.
Diffstat (limited to 'puppet/modules/site_shorewall')
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/dnat_rule.pp | 21 | 
1 files changed, 20 insertions, 1 deletions
|
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
index 68f480d8..0b4370df 100644
--- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp
+++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
@@ -11,7 +11,6 @@ define site_shorewall::dnat_rule {
           destinationport => $port,
           order           => 100;
     }
-
     shorewall::rule {
         "dnat_udp_port_$port":
           action          => 'DNAT',
@@ -21,5 +20,25 @@ define site_shorewall::dnat_rule {
           destinationport => $port,
           order           => 100;
     }
+    if $site_openvpn::openvpn_allow_free {
+      shorewall::rule {
+          "dnat_free_tcp_port_$port":
+            action          => 'DNAT',
+            source          => 'net',
+            destination     => "\$FW:${site_openvpn::openvpn_free_gateway_address}:1194",
+            proto           => 'tcp',
+            destinationport => $port,
+            order           => 100;
+      }
+      shorewall::rule {
+          "dnat_free_udp_port_$port":
+            action          => 'DNAT',
+            source          => 'net',
+            destination     => "\$FW:${site_openvpn::openvpn_free_gateway_address}:1194",
+            proto           => 'udp',
+            destinationport => $port,
+            order           => 100;
+      }
+    }
   }
 }
|
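Review bot: The two `dnat_free_*` rules match only on `source => 'net'`, the protocol and `destinationport => $port`, with the same `order => 100` as the existing `dnat_tcp_port_$port` / `dnat_udp_port_$port` rules, so nothing visible here separates traffic for the free gateway from traffic for the regular one. If the existing rules (whose source and destination lines lie above the hunk) use the same match, shorewall applies whichever DNAT rule comes first and the other never fires, so clients could land on the wrong OpenVPN instance regardless of the address they dialled. Restricting each rule to the address the client actually connected to would avoid that, e.g. `originaldest => $site_openvpn::openvpn_free_gateway_address,` in both free rules, with the matching restriction on the existing pair. The define's header and the `$port` assignment are outside the hunk, so this should be confirmed against the full file.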
