diff options
Diffstat (limited to 'puppet/modules/site_shorewall/manifests/dnat_rule.pp')
-rw-r--r-- | puppet/modules/site_shorewall/manifests/dnat_rule.pp | 40 |
1 files changed, 21 insertions, 19 deletions
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp index 0b4370df..e1ea86ec 100644 --- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp +++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp @@ -2,30 +2,32 @@ define site_shorewall::dnat_rule { $port = $name if $port != 1194 { - shorewall::rule { - "dnat_tcp_port_$port": - action => 'DNAT', - source => 'net', - destination => "\$FW:${site_openvpn::openvpn_gateway_address}:1194", - proto => 'tcp', - destinationport => $port, - order => 100; - } - shorewall::rule { - "dnat_udp_port_$port": - action => 'DNAT', - source => 'net', - destination => "\$FW:${site_openvpn::openvpn_gateway_address}:1194", - proto => 'udp', - destinationport => $port, - order => 100; + if $site_openvpn::openvpn_allow_paid { + shorewall::rule { + "dnat_tcp_port_$port": + action => 'DNAT', + source => 'net', + destination => "\$FW:${site_openvpn::paid_gateway_address}:1194", + proto => 'tcp', + destinationport => $port, + order => 100; + } + shorewall::rule { + "dnat_udp_port_$port": + action => 'DNAT', + source => 'net', + destination => "\$FW:${site_openvpn::paid_gateway_address}:1194", + proto => 'udp', + destinationport => $port, + order => 100; + } } if $site_openvpn::openvpn_allow_free { shorewall::rule { "dnat_free_tcp_port_$port": action => 'DNAT', source => 'net', - destination => "\$FW:${site_openvpn::openvpn_free_gateway_address}:1194", + destination => "\$FW:${site_openvpn::free_gateway_address}:1194", proto => 'tcp', destinationport => $port, order => 100; @@ -34,7 +36,7 @@ define site_shorewall::dnat_rule { "dnat_free_udp_port_$port": action => 'DNAT', source => 'net', - destination => "\$FW:${site_openvpn::openvpn_free_gateway_address}:1194", + destination => "\$FW:${site_openvpn::free_gateway_address}:1194", proto => 'udp', destinationport => $port, order => 100; |