From 49f0c54a05f6b542367f8ef4538316ba2eaac6cd Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Fri, 20 Jun 2014 01:58:39 -0700
Subject: new generic system for stunnel: just `include site_stunnel` and
 stunnel + needed shorewall will be automatically set up. requires new
 leap_cli

---
 .../site_shorewall/manifests/stunnel/server.pp     | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 puppet/modules/site_shorewall/manifests/stunnel/server.pp

(limited to 'puppet/modules/site_shorewall/manifests/stunnel/server.pp')

diff --git a/puppet/modules/site_shorewall/manifests/stunnel/server.pp b/puppet/modules/site_shorewall/manifests/stunnel/server.pp
new file mode 100644
index 00000000..db3ecd3e
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/stunnel/server.pp
@@ -0,0 +1,22 @@
+#
+# Allow all incoming connections to stunnel server port
+#
+
+define site_shorewall::stunnel::server($port) {
+
+  include site_shorewall::defaults
+
+  file { "/etc/shorewall/macro.stunnel_server_${name}":
+    content => "PARAM   -       -       tcp    ${port}",
+    notify  => Service['shorewall'],
+    require => Package['shorewall']
+  }
+  shorewall::rule {
+    'net2fw-couchdb':
+      source      => 'net',
+      destination => '$FW',
+      action      => "stunnel_server_${name}(ACCEPT)",
+      order       => 200;
+  }
+
+}
\ No newline at end of file
-- 
cgit v1.2.3