diff options
Diffstat (limited to 'puppet/modules/site_shorewall')
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/dnat_rule.pp | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp index aa298408..f9fbe950 100644 --- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp +++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp @@ -4,41 +4,45 @@ define site_shorewall::dnat_rule { if $port != 1194 { if $site_openvpn::openvpn_allow_unlimited { shorewall::rule { - "dnat_tcp_port_$port": + "dnat_tcp_port_${port}": action => 'DNAT', source => 'net', destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194", proto => 'tcp', destinationport => $port, + originaldest => $site_openvpn::unlimited_gateway_address, order => 100; } shorewall::rule { - "dnat_udp_port_$port": + "dnat_udp_port_${port}": action => 'DNAT', source => 'net', destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194", proto => 'udp', destinationport => $port, + originaldest => $site_openvpn::unlimited_gateway_address, order => 100; } } if $site_openvpn::openvpn_allow_limited { shorewall::rule { - "dnat_free_tcp_port_$port": + "dnat_free_tcp_port_${port}": action => 'DNAT', source => 'net', destination => "\$FW:${site_openvpn::limited_gateway_address}:1194", proto => 'tcp', destinationport => $port, + originaldest => $site_openvpn::unlimited_gateway_address, order => 100; } shorewall::rule { - "dnat_free_udp_port_$port": + "dnat_free_udp_port_${port}": action => 'DNAT', source => 'net', destination => "\$FW:${site_openvpn::limited_gateway_address}:1194", proto => 'udp', destinationport => $port, + originaldest => $site_openvpn::unlimited_gateway_address, order => 100; } } |