summaryrefslogtreecommitdiff
path: root/manifests/rules
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2011-11-05 14:50:26 +0100
committermh <mh@immerda.ch>2011-11-05 14:50:26 +0100
commit052f749adb3b488388cba57f65f74852621ac1fa (patch)
treeaf9614fd4868e4c9f19fbfd8d5d72bd514f23680 /manifests/rules
parent8f033c40a6ff210ce295db2bde025d739f8c3053 (diff)
allow ssh_in source to be selected by hiera, better naming for the same option for munin
Diffstat (limited to 'manifests/rules')
-rw-r--r--manifests/rules/munin.pp4
-rw-r--r--manifests/rules/ssh.pp10
2 files changed, 8 insertions, 6 deletions
diff --git a/manifests/rules/munin.pp b/manifests/rules/munin.pp
index 17f0961..26cebfe 100644
--- a/manifests/rules/munin.pp
+++ b/manifests/rules/munin.pp
@@ -1,12 +1,12 @@
class shorewall::rules::munin(
$munin_port = hiera('munin_port','4949'),
$munin_collector = hiera('munin_collector','127.0.0.1'),
- $collector_interface_source = hiera('munin_collector_interface_source','net')
+ $collector_source = hiera('shorewall_munin_in_collector_source','net')
){
shorewall::params { 'MUNINPORT': value => $munin_port }
shorewall::params { 'MUNINCOLLECTOR': value => $munin_collector }
shorewall::rule{'net-me-munin-tcp':
- source => "${collector_interface_source}:\$MUNINCOLLECTOR",
+ source => "${collector_source}:\$MUNINCOLLECTOR",
destination => '$FW',
proto => 'tcp',
destinationport => '$MUNINPORT',
diff --git a/manifests/rules/ssh.pp b/manifests/rules/ssh.pp
index 0eebcb4..3b7efa2 100644
--- a/manifests/rules/ssh.pp
+++ b/manifests/rules/ssh.pp
@@ -1,10 +1,12 @@
-class shorewall::rules::ssh($ports) {
- $flatted_ports = join($ports,',')
+class shorewall::rules::ssh(
+ $ports,
+ $source = hiera('shorewall_ssh_in_source','net')
+) {
shorewall::rule { 'net-me-tcp_ssh':
- source => 'net',
+ source => $shorewall::rules::ssh::source,
destination => '$FW',
proto => 'tcp',
- destinationport => $flatted_ports,
+ destinationport => join($shorewall::rules::ssh::ports,','),
order => 240,
action => 'ACCEPT';
}