author | elijah <elijah@riseup.net> | 2013-02-27 23:46:58 -0800 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2013-02-27 23:46:58 -0800 |
commit | ffb88e54c5e4e30fa61ea1009f3eee62f98ab17c (patch) | |
tree | 0d28846e9de15d7580b3b232aac16e2f4e8cb6e4 /puppet/modules/site_shorewall | |
parent | 5f8b63892ec9d08471a43ac642ed8f291d27c4f5 (diff) |
openvpn -- added support for optional "free" rate-limited service via special client certificates with the FREE prefix in the common name.
Diffstat (limited to 'puppet/modules/site_shorewall')
-rw-r--r-- | puppet/modules/site_shorewall/manifests/dnat_rule.pp | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
index 68f480d8..0b4370df 100644
--- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp
+++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
@@ -11,7 +11,6 @@ define site_shorewall::dnat_rule {
 destinationport => $port,
 order => 100;
 }
-
 shorewall::rule {
 "dnat_udp_port_$port":
 action => 'DNAT',
@@ -21,5 +20,25 @@ define site_shorewall::dnat_rule {
 destinationport => $port,
 order => 100;
 }
+ if $site_openvpn::openvpn_allow_free {
+ shorewall::rule {
+ "dnat_free_tcp_port_$port":
+ action => 'DNAT',
+ source => 'net',
+ destination => "\$FW:${site_openvpn::openvpn_free_gateway_address}:1194",
+ proto => 'tcp',
+ destinationport => $port,
+ order => 100;
+ }
+ shorewall::rule {
+ "dnat_free_udp_port_$port":
+ action => 'DNAT',
+ source => 'net',
+ destination => "\$FW:${site_openvpn::openvpn_free_gateway_address}:1194",
+ proto => 'udp',
+ destinationport => $port,
+ order => 100;
+ }
+ }
 }
 } |
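Review bot: The new `dnat_free_tcp_port_$port` and `dnat_free_udp_port_$port` rules in the second hunk use the same `source => 'net'`, `destinationport => $port` and `order => 100` as the existing `dnat_udp_port_$port` rule (whose remaining attributes, and its tcp sibling, sit outside the hunk), and nothing here restricts them by the address the client originally connected to. If the existing rules are equally unrestricted, whichever DNAT rule is emitted first would take all traffic on that port and the other pair would be shadowed, so clients could land on the wrong OpenVPN instance regardless of which gateway address they dialled. Consider pinning each pair to its own address, e.g. `originaldest => $site_openvpn::openvpn_free_gateway_address,` on the free rules and the matching address on the regular ones. The block should also guard against an empty address, e.g. `if $site_openvpn::openvpn_allow_free and $site_openvpn::openvpn_free_gateway_address != '' {`, because an unset value renders the destination as `$FW::1194`. A one-line comment such as `# requires class site_openvpn to be evaluated first; reads its free-gateway settings` would document the cross-module coupling; the define's body starts and ends outside the hunk.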