author | varac <varacanero@zeromail.org> | 2012-10-09 00:46:06 +0200 |
committer | varac <varacanero@zeromail.org> | 2012-10-09 00:46:06 +0200 |
commit | c716f40cf2011c3141e2e7150fd3f928ffac626a (patch) | |
tree | a3ac6b324b1601f97be001e5749dbadb0ae10588 /puppet | |
parent | 81c20fd7d39300c27a2d8196871a832767c5623a (diff) |
shorewall: made rules more precise, use own macro
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/modules/site_shorewall/manifests/eip.pp | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 590a01ba..8624af87 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -5,6 +5,10 @@ class site_shorewall::eip {
 include site_shorewall::defaults
+ # define macro
+ file { "/etc/shorewall/macro.leap_eip":
+ content => 'PARAM - - - 53,80,443,1194', }
+
 shorewall::interface {'tun0':
 zone => 'eip',
 options => 'tcpflags,blacklist,nosmurfs'; }
@@ -41,15 +45,16 @@ class site_shorewall::eip {
 destination => 'all',
 action => 'Ping(ACCEPT)',
 order => 200;
- 'all2all-ssh':
- source => 'all',
- destination => 'all',
+
+ 'net2fw-ssh':
+ source => 'net',
+ destination => '$FW',
 action => 'SSH(ACCEPT)',
 order => 200;
- 'all2all-openvpn':
- source => 'all',
- destination => 'all',
- action => 'OpenVPN(ACCEPT)',
+ 'net2fw-openvpn':
+ source => 'net',
+ destination => '$FW',
+ action => 'leap_eip(ACCEPT)',
 order => 200;
 # eip gw itself to outside
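Review bot: The macro body `PARAM - - - 53,80,443,1194` leaves the PROTO column as `-` while listing destination ports, but Shorewall port columns are only meaningful for port-bearing protocols (tcp/udp), so the macro should name the transport explicitly instead of relying on "any protocol" plus a port list. Presumably the gateway serves some of these over UDP as well as TCP (53 and 1194 commonly do), so the content would become two lines such as `PARAM - - tcp 53,80,443,1194` and `PARAM - - udp 53,1194`, with the exact set confirmed against what the gateway actually listens on. A one-line header comment in the macro naming the services behind each port would also make the file self-explaining when it is read on the host. Whether this `file` resource needs to trigger a Shorewall reload the way the module's other config resources do cannot be told from this hunk; worth checking.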
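Review bot: The rule `'net2fw-openvpn'` now carries `action => 'leap_eip(ACCEPT)'`, which according to the macro added earlier in this file accepts ports 53, 80 and 443 from `net` to `$FW` in addition to 1194, so the rule title understates what it opens. Either rename it to match the macro, e.g. `'net2fw-leap_eip':`, or add a comment above it such as `# leap_eip macro: DNS, HTTP, HTTPS and OpenVPN (53,80,443,1194) reachable from net` so the exposed services are visible where the rules are read. The `shorewall::rule` resource these entries belong to starts before this hunk.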