diff options
Diffstat (limited to 'puppet/modules/site_shorewall/manifests/dnat_rule.pp')
-rw-r--r-- | puppet/modules/site_shorewall/manifests/dnat_rule.pp | 55 |
1 files changed, 38 insertions, 17 deletions
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp index 68f480d8..aa298408 100644 --- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp +++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp @@ -2,24 +2,45 @@ define site_shorewall::dnat_rule { $port = $name if $port != 1194 { - shorewall::rule { - "dnat_tcp_port_$port": - action => 'DNAT', - source => 'net', - destination => "\$FW:${site_openvpn::openvpn_gateway_address}:1194", - proto => 'tcp', - destinationport => $port, - order => 100; + if $site_openvpn::openvpn_allow_unlimited { + shorewall::rule { + "dnat_tcp_port_$port": + action => 'DNAT', + source => 'net', + destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194", + proto => 'tcp', + destinationport => $port, + order => 100; + } + shorewall::rule { + "dnat_udp_port_$port": + action => 'DNAT', + source => 'net', + destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194", + proto => 'udp', + destinationport => $port, + order => 100; + } } - - shorewall::rule { - "dnat_udp_port_$port": - action => 'DNAT', - source => 'net', - destination => "\$FW:${site_openvpn::openvpn_gateway_address}:1194", - proto => 'udp', - destinationport => $port, - order => 100; + if $site_openvpn::openvpn_allow_limited { + shorewall::rule { + "dnat_free_tcp_port_$port": + action => 'DNAT', + source => 'net', + destination => "\$FW:${site_openvpn::limited_gateway_address}:1194", + proto => 'tcp', + destinationport => $port, + order => 100; + } + shorewall::rule { + "dnat_free_udp_port_$port": + action => 'DNAT', + source => 'net', + destination => "\$FW:${site_openvpn::limited_gateway_address}:1194", + proto => 'udp', + destinationport => $port, + order => 100; + } } } } |