Diffstat (limited to 'puppet/modules/site_shorewall')
-rw-r--r--puppet/modules/site_shorewall/manifests/eip.pp19
1 files changed, 12 insertions, 7 deletions
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 590a01ba..8624af87 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -5,6 +5,10 @@ class site_shorewall::eip {
include site_shorewall::defaults
+ # define macro
+ file { "/etc/shorewall/macro.leap_eip":
+ content => 'PARAM - - - 53,80,443,1194', }
+
shorewall::interface {'tun0':
zone => 'eip',
options => 'tcpflags,blacklist,nosmurfs'; }
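Review bot: The macro body on the `content =>` line leaves the PROTO column as `-` while listing destination ports `53,80,443,1194`; as far as I know Shorewall only accepts a port list together with a protocol, so the macro may fail to compile or not match as intended. The string also has no trailing newline. If both transports are meant (the page does not say), one line per protocol would be explicit: `content => "PARAM - - tcp 53,80,443,1194\nPARAM - - udp 53,80,443,1194\n",`. The `# define macro` comment could also say why 53, 80 and 443 are accepted alongside 1194, since that is the first thing a firewall audit will ask about.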
@@ -41,15 +45,16 @@ class site_shorewall::eip {
destination => 'all',
action => 'Ping(ACCEPT)',
order => 200;
- 'all2all-ssh':
- source => 'all',
- destination => 'all',
+
+ 'net2fw-ssh':
+ source => 'net',
+ destination => '$FW',
action => 'SSH(ACCEPT)',
order => 200;
- 'all2all-openvpn':
- source => 'all',
- destination => 'all',
- action => 'OpenVPN(ACCEPT)',
+ 'net2fw-openvpn':
+ source => 'net',
+ destination => '$FW',
+ action => 'leap_eip(ACCEPT)',
order => 200;
# eip gw itself to outside
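Review bot: The rule titled `'net2fw-openvpn'` now applies `leap_eip(ACCEPT)`, which per the macro added earlier in this commit accepts 53, 80, 443 and 1194 from `net` to `$FW`, so the title understates what is exposed; a title such as `'net2fw-leap_eip'` or a comment `# leap_eip macro: 53,80,443,1194` would keep the rule list accurate for audits. Nothing visible orders these rules after the `file { "/etc/shorewall/macro.leap_eip": }` resource, so unless the shorewall module handles that elsewhere, a run could compile the rules before the macro file exists. `'net2fw-ssh'` still accepts SSH from the whole `net` zone; if the management addresses are known, narrowing `source` would reduce exposure further. The enclosing rule block starts above this hunk and continues below it.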