Diffstat (limited to 'puppet/modules/site_shorewall')
-rw-r--r-- | puppet/modules/site_shorewall/manifests/defaults.pp | 4 | ||||
-rw-r--r-- | puppet/modules/site_shorewall/manifests/eip.pp | 33 |
2 files changed, 24 insertions, 13 deletions
diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp
index c68b8370..88981e5f 100644
--- a/puppet/modules/site_shorewall/manifests/defaults.pp
+++ b/puppet/modules/site_shorewall/manifests/defaults.pp
@@ -10,8 +10,4 @@ class site_shorewall::defaults { shorewall::rule_section { 'NEW': order => 10; }
- shorewall::interface {'eth0':
- zone => 'net',
- options => 'tcpflags,blacklist,nosmurfs';
- }
 }
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 31ee3e6c..a5af0dde 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -5,13 +5,22 @@ class site_shorewall::eip { include site_shorewall::defaults - $interface = hiera('interface') + $interface = hiera('interface') + $ssh_config = hiera('ssh') + $ssh_port = $ssh_config['port'] # define macro - file { "/etc/shorewall/macro.leap_eip": - content => 'PARAM - - tcp 53,80,443,1194 + file { '/etc/shorewall/macro.leap_eip': + content => "PARAM - - tcp 53,80,443,1194,$ssh_port PARAM - - udp 53,80,443,1194 -', } +", } + + + # define interfaces + shorewall::interface { $interface: + zone => 'net', + options => 'tcpflags,blacklist,nosmurfs'; + } shorewall::interface {'tun0': zone => 'eip', 
@@ -20,15 +29,21 @@ PARAM - - udp 53,80,443,1194 zone => 'eip', options => 'tcpflags,blacklist,nosmurfs'; } + shorewall::zone {'eip': type => 'ipv4'; } - shorewall::routestopped {'$interface': - interface => '$interface'; } + shorewall::routestopped { $interface: + interface => $interface; } + + + shorewall::masq { "${interface}_tcp": + interface => $interface, + source => "$site_config::eip::openvpn_tcp_network_prefix.0/$site_config::eip::openvpn_tcp_cidr"; } - shorewall::masq {'$interface': - interface => '$interface', - source => ''; } + shorewall::masq { "${interface}_udp": + interface => $interface, + source => "$site_config::eip::openvpn_udp_network_prefix.0/$site_config::eip::openvpn_udp_cidr"; } shorewall::policy { 'eip-to-all': |
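Review bot: The two new `shorewall::masq` `source` strings build the network from `$site_config::eip::openvpn_tcp_network_prefix` / `openvpn_udp_network_prefix` and the matching `_cidr` with unbraced interpolation followed by `.0/`, so a prefix or cidr that is unset (for example if `site_config::eip` has not been evaluated yet) or not exactly three octets presumably produces a string like `.0/` that is only caught later, when shorewall compiles the masq file, instead of as a clear Puppet error. I would brace the references and fail early: `source => "${site_config::eip::openvpn_tcp_network_prefix}.0/${site_config::eip::openvpn_tcp_cidr}";` for the tcp resource, the same for udp, each preceded by a guard such as `if $site_config::eip::openvpn_tcp_cidr !~ /^\d+$/ { fail('site_config::eip::openvpn_tcp_cidr must be set') }`. Separately, `shorewall::routestopped { $interface: interface => $interface; }` only now takes effect (the removed resource used the literal string `'$interface'`); if I read shorewall's routestopped semantics correctly this accepts traffic on the external interface whenever the firewall is stopped, so a comment stating that this is intended would help, e.g. `# keep $interface reachable while shorewall is stopped; routestopped accepts its traffic in that state`.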