Diffstat (limited to 'puppet/modules/site_shorewall')
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/defaults.pp | 4 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/eip.pp | 35 | 
2 files changed, 26 insertions, 13 deletions
diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp
index c68b8370..88981e5f 100644
--- a/puppet/modules/site_shorewall/manifests/defaults.pp
+++ b/puppet/modules/site_shorewall/manifests/defaults.pp
@@ -10,8 +10,4 @@ class site_shorewall::defaults {
   shorewall::rule_section { 'NEW': order => 10; }
-  shorewall::interface {'eth0':
-    zone      => 'net',
-    options   => 'tcpflags,blacklist,nosmurfs';
-  }
 }
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 0902039c..34268125 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -1,15 +1,26 @@
 class site_shorewall::eip {
   # be safe for development
-  $shorewall_startup='0'
+  #$shorewall_startup='0'
   include site_shorewall::defaults
+  $interface  = hiera('interface')
+  $ssh_config = hiera('ssh')
+  $ssh_port   = $ssh_config['port']
 
+
   # define macro
-  file { "/etc/shorewall/macro.leap_eip":
-    content => 'PARAM   -       -       tcp     53,80,443,1194
+  file { '/etc/shorewall/macro.leap_eip':
+    content => "PARAM   -       -       tcp     53,80,443,1194,$ssh_port
 PARAM   -       -       udp     53,80,443,1194
-', }
+", }
+
+   # define interfaces
+  shorewall::interface { $interface:
+    zone      => 'net',
+    options   => 'tcpflags,blacklist,nosmurfs';
+  }
   shorewall::interface    {'tun0':
     zone    => 'eip',
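Review bot: `$ssh_port` is interpolated into the macro on the `content =>` line without any check that hiera actually supplied it; if the `ssh` hash has no `port`, the first PARAM line ends in a trailing comma and shorewall rejects the whole macro, and any non-numeric value would be written straight into the firewall configuration. A guard ahead of the file resource, `if $ssh_port !~ /^\d+$/ { fail('site_shorewall::eip: ssh port must be numeric') }`, moves that failure to catalog compile time where it is visible. The `# be safe for development` comment is now stranded above the commented-out `$shorewall_startup` assignment and no longer describes anything; either drop it or state why startup is enabled now. Putting the administrative ssh port into the same macro as the public service ports also ties it to whatever zone the macro is later opened for, so a separate rule for ssh would keep it independently restrictable. The class body continues past the end of this hunk.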
@@ -18,15 +29,21 @@ PARAM   -       -       udp     53,80,443,1194
     zone    => 'eip',
     options => 'tcpflags,blacklist,nosmurfs'; }
+
   shorewall::zone         {'eip':
     type => 'ipv4'; }
-  shorewall::routestopped {'eth0':
-    interface => 'eth0'; }
+  shorewall::routestopped { $interface:
+    interface => $interface; }
+
+   shorewall::masq { "${interface}_tcp":
+    interface => $interface,
+    source    => "$site_config::eip::openvpn_tcp_network_prefix.0/$site_config::eip::openvpn_tcp_cidr"; }
-  shorewall::masq {'eth0':
-    interface => 'eth0',
-    source    => ''; }
+  shorewall::masq { "${interface}_udp":
+    interface => $interface,
+    source    => "$site_config::eip::openvpn_udp_network_prefix.0/$site_config::eip::openvpn_udp_cidr"; }
   shorewall::policy {
     'eip-to-all':
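Review bot: The two `source =>` strings use unbraced interpolation, `"$site_config::eip::openvpn_tcp_network_prefix.0/$site_config::eip::openvpn_tcp_cidr"`, so the reader has to know that Puppet stops the variable name at the `.` before it is clear that `.0/` is literal; both masq resources should use the braced form the resource titles already use, `"${site_config::eip::openvpn_tcp_network_prefix}.0/${site_config::eip::openvpn_tcp_cidr}"` and the matching udp line. Nothing in the hunk ensures those class variables are set: if `site_config::eip` has not been evaluated they would, at least on older Puppet, interpolate as empty and the masq source becomes `.0/`, which shorewall refuses, so an explicit `include site_config::eip` ahead of the masq resources (or a `fail` on an empty prefix) is worth adding. The `shorewall::policy` block at the end of the hunk continues outside it.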
