Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_shorewall/manifests/eip.pp50
1 files changed, 32 insertions, 18 deletions
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index d5d7ff19..b2d165db 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -8,7 +8,7 @@ class site_shorewall::eip {
$ip_address = hiera('ip_address')
# a special case for vagrant interfaces
$interface = $::virtual ? {
- virtualbox => ['eth0', 'eth1'],
+ virtualbox => [ 'eth0', 'eth1' ],
default => getvar("${ip_address}_interface")
}
$ssh_config = hiera('ssh')
@@ -30,28 +30,42 @@ PARAM - - udp 1194
options => 'tcpflags,blacklist,nosmurfs';
}
- shorewall::interface {'tun0':
- zone => 'eip',
- options => 'tcpflags,blacklist,nosmurfs'; }
- shorewall::interface {'tun1':
- zone => 'eip',
- options => 'tcpflags,blacklist,nosmurfs'; }
+ shorewall::interface {
+ 'tun0':
+ zone => 'eip',
+ options => 'tcpflags,blacklist,nosmurfs';
+ 'tun1':
+ zone => 'eip',
+ options => 'tcpflags,blacklist,nosmurfs'
+ }
shorewall::zone {'eip':
type => 'ipv4'; }
- shorewall::routestopped { $interface:
- interface => $interface; }
-
-
- shorewall::masq { "${interface}_tcp":
- interface => $interface,
- source => "${site_openvpn::openvpn_tcp_network_prefix}.0/${site_openvpn::openvpn_tcp_cidr}"; }
-
- shorewall::masq { "${interface}_udp":
- interface => $interface,
- source => "${site_openvpn::openvpn_udp_network_prefix}.0/${site_openvpn::openvpn_udp_cidr}"; }
+ shorewall::routestopped { $interface: }
+
+ case $::virtual {
+ 'virtualbox': {
+ shorewall::masq {
+ 'eth0_tcp':
+ interface => 'eth0',
+ source => "${site_openvpn::openvpn_tcp_network_prefix}.0/${site_openvpn::openvpn_tcp_cidr}";
+ 'eth0_udp':
+ interface => 'eth0',
+ source => "${site_openvpn::openvpn_udp_network_prefix}.0/${site_openvpn::openvpn_udp_cidr}"; }
+ }
+ default: {
+ shorewall::masq {
+ "${interface}_tcp":
+ interface => $interface,
+ source => "${site_openvpn::openvpn_tcp_network_prefix}.0/${site_openvpn::openvpn_tcp_cidr}";
+
+ "${interface}_udp":
+ interface => $interface,
+ source => "${site_openvpn::openvpn_udp_network_prefix}.0/${site_openvpn::openvpn_udp_cidr}"; }
+ }
+ }
shorewall::policy {
'eip-to-all':
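Review bot: The `default` branch of the new `case $::virtual` takes both the `shorewall::masq` titles and `interface =>` from `$interface`, which the first hunk shows is set by `getvar("${ip_address}_interface")`, and nothing visible checks that the lookup returned a value. If that fact is absent, the resources would presumably be declared as `_tcp`/`_udp` with an empty interface and `shorewall::routestopped { $interface: }` would get an empty title, so the OpenVPN client networks could be left without a usable masquerade rule. A guard placed before the `case`, such as `if ! $interface { fail("no interface found for ${ip_address}") }`, would make the catalog fail instead of applying a partial firewall. The `virtualbox` branch also deserves a one-line comment saying why only `eth0` is masqueraded while both `eth0` and `eth1` are passed to `shorewall::routestopped`. The enclosing class `site_shorewall::eip` starts and ends outside this hunk.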