From ffb88e54c5e4e30fa61ea1009f3eee62f98ab17c Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Wed, 27 Feb 2013 23:46:58 -0800
Subject: openvpn -- added support for optional "free" rate-limited service via
 special client certificates with the FREE prefix in the common name.

---
 .../modules/site_shorewall/manifests/dnat_rule.pp   | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

(limited to 'puppet/modules/site_shorewall/manifests')

diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
index 68f480d8..0b4370df 100644
--- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp
+++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
@@ -11,7 +11,6 @@ define site_shorewall::dnat_rule {
           destinationport => $port,
           order           => 100;
     }
-
     shorewall::rule {
         "dnat_udp_port_$port":
           action          => 'DNAT',
@@ -21,5 +20,25 @@ define site_shorewall::dnat_rule {
           destinationport => $port,
           order           => 100;
     }
+    if $site_openvpn::openvpn_allow_free {
+      shorewall::rule {
+          "dnat_free_tcp_port_$port":
+            action          => 'DNAT',
+            source          => 'net',
+            destination     => "\$FW:${site_openvpn::openvpn_free_gateway_address}:1194",
+            proto           => 'tcp',
+            destinationport => $port,
+            order           => 100;
+      }
+      shorewall::rule {
+          "dnat_free_udp_port_$port":
+            action          => 'DNAT',
+            source          => 'net',
+            destination     => "\$FW:${site_openvpn::openvpn_free_gateway_address}:1194",
+            proto           => 'udp',
+            destinationport => $port,
+            order           => 100;
+      }
+    }
   }
 }
-- 
cgit v1.2.3