1 files changed, 31 insertions, 0 deletions

diff --git a/puppet/modules/site_shorewall/manifests/sshd.pp b/puppet/modules/site_shorewall/manifests/sshd.pp
new file mode 100644
index 00000000..e2332592
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/sshd.pp
@@ -0,0 +1,31 @@
+# configure shorewall for sshd
+class site_shorewall::sshd {
+
+  $ssh_config     = hiera('ssh')
+  $ssh_port       = $ssh_config['port']
+
+  include shorewall
+
+  # define macro for incoming sshd
+  file { '/etc/shorewall/macro.leap_sshd':
+    content => "PARAM   -       -       tcp    ${ssh_port}",
+    notify  => Service['shorewall'],
+    require => Package['shorewall']
+  }
+
+
+  shorewall::rule {
+      # outside to server
+      'net2fw-ssh':
+        source      => 'net',
+        destination => '$FW',
+        action      => 'leap_sshd(ACCEPT)',
+        order       => 200;
+  }
+
+  # setup a routestopped rule to allow ssh when shorewall is stopped
+  shorewall::routestopped { $site_config::params::interface:
+    options => "-   tcp   ${ssh_port}"
+  }
+
+}