diff options
| author | Christoph Kluenter <ckluente@thoughtworks.com> | 2014-12-04 12:09:10 +0100 |
|---|---|---|
| committer | Christoph Kluenter <ckluente@thoughtworks.com> | 2014-12-04 12:09:10 +0100 |
| commit | d063e35d3e29b3cedc810b8e5ca1855c841d8f9e (patch) | |
| tree | 06e5110632156a35e6e879a9fa0455edf62f05bf /puppet/modules/site_shorewall | |
| parent | 664dca31dec0c7935ee96359209d9dcefc03e38c (diff) | |
| parent | de51b83384d97a67cdbdf1992ba9ad771a292c5d (diff) | |
Merge remote-tracking branch 'leap/develop' into check_dhcp
Diffstat (limited to 'puppet/modules/site_shorewall')
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/dnat_rule.pp | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp index aa298408..f9fbe950 100644 --- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp +++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp @@ -4,41 +4,45 @@ define site_shorewall::dnat_rule { if $port != 1194 { if $site_openvpn::openvpn_allow_unlimited { shorewall::rule { - "dnat_tcp_port_$port": + "dnat_tcp_port_${port}": action => 'DNAT', source => 'net', destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194", proto => 'tcp', destinationport => $port, + originaldest => $site_openvpn::unlimited_gateway_address, order => 100; } shorewall::rule { - "dnat_udp_port_$port": + "dnat_udp_port_${port}": action => 'DNAT', source => 'net', destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194", proto => 'udp', destinationport => $port, + originaldest => $site_openvpn::unlimited_gateway_address, order => 100; } } if $site_openvpn::openvpn_allow_limited { shorewall::rule { - "dnat_free_tcp_port_$port": + "dnat_free_tcp_port_${port}": action => 'DNAT', source => 'net', destination => "\$FW:${site_openvpn::limited_gateway_address}:1194", proto => 'tcp', destinationport => $port, + originaldest => $site_openvpn::unlimited_gateway_address, order => 100; } shorewall::rule { - "dnat_free_udp_port_$port": + "dnat_free_udp_port_${port}": action => 'DNAT', source => 'net', destination => "\$FW:${site_openvpn::limited_gateway_address}:1194", proto => 'udp', destinationport => $port, + originaldest => $site_openvpn::unlimited_gateway_address, order => 100; } } |