Diffstat (limited to 'puppet/modules/site_shorewall')
-rw-r--r--puppet/modules/site_shorewall/manifests/defaults.pp4
-rw-r--r--puppet/modules/site_shorewall/manifests/eip.pp35
2 files changed, 26 insertions, 13 deletions
diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp
index c68b8370..88981e5f 100644
--- a/puppet/modules/site_shorewall/manifests/defaults.pp
+++ b/puppet/modules/site_shorewall/manifests/defaults.pp
@@ -10,8 +10,4 @@ class site_shorewall::defaults {
shorewall::rule_section { 'NEW': order => 10; }
- shorewall::interface {'eth0':
- zone => 'net',
- options => 'tcpflags,blacklist,nosmurfs';
- }
}
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 0902039c..34268125 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -1,15 +1,26 @@
class site_shorewall::eip {
# be safe for development
- $shorewall_startup='0'
+ #$shorewall_startup='0'
include site_shorewall::defaults
+ $interface = hiera('interface')
+ $ssh_config = hiera('ssh')
+ $ssh_port = $ssh_config['port']
+
# define macro
- file { "/etc/shorewall/macro.leap_eip":
- content => 'PARAM - - tcp 53,80,443,1194
+ file { '/etc/shorewall/macro.leap_eip':
+ content => "PARAM - - tcp 53,80,443,1194,$ssh_port
PARAM - - udp 53,80,443,1194
-', }
+", }
+
+
+ # define interfaces
+ shorewall::interface { $interface:
+ zone => 'net',
+ options => 'tcpflags,blacklist,nosmurfs';
+ }
shorewall::interface {'tun0':
zone => 'eip',
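Review bot: In the new `macro.leap_eip` content, `$ssh_port` comes from `hiera('ssh')['port']` and is interpolated with no check, so an unset or non-numeric value would render the tcp line as `53,80,443,1194,` and leave Shorewall with a malformed macro. That matters more because this hunk also comments out `$shorewall_startup='0'`, which presumably means the firewall now actually starts, so a bad macro or a missing SSH port could cut off management access. I would fail the catalog early, e.g. `if "${ssh_port}" !~ /^\d+$/ { fail('ssh port missing or not numeric in hiera') }`, and write the interpolation as `${ssh_port}`; the unbraced `$site_config::eip::...` strings in the next hunk's `shorewall::masq` sources deserve the same bracing. The commented-out `#$shorewall_startup='0'` and its now stale "be safe for development" comment should be deleted rather than left behind. The class body continues outside this hunk.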
@@ -18,15 +29,21 @@ PARAM - - udp 53,80,443,1194
zone => 'eip',
options => 'tcpflags,blacklist,nosmurfs'; }
+
shorewall::zone {'eip':
type => 'ipv4'; }
- shorewall::routestopped {'eth0':
- interface => 'eth0'; }
+ shorewall::routestopped { $interface:
+ interface => $interface; }
+
+
+ shorewall::masq { "${interface}_tcp":
+ interface => $interface,
+ source => "$site_config::eip::openvpn_tcp_network_prefix.0/$site_config::eip::openvpn_tcp_cidr"; }
- shorewall::masq {'eth0':
- interface => 'eth0',
- source => ''; }
+ shorewall::masq { "${interface}_udp":
+ interface => $interface,
+ source => "$site_config::eip::openvpn_udp_network_prefix.0/$site_config::eip::openvpn_udp_cidr"; }
shorewall::policy {
'eip-to-all':