diff options
author | mh <mh@immerda.ch> | 2013-01-01 16:22:55 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2013-01-01 16:22:55 +0100 |
commit | bcded0b6e2ed96e1f44058ba7e70a404a83c2c71 (patch) | |
tree | dee4839057caddc08b1a009e54ca48901ffa5caa /manifests | |
parent | b2499eb83c6a55ecebc92e9150cd383eac423fc2 (diff) |
make it possible to exent nets for ipsec
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/rules/ipsec.pp | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/manifests/rules/ipsec.pp b/manifests/rules/ipsec.pp index 3e9db55..82adff0 100644 --- a/manifests/rules/ipsec.pp +++ b/manifests/rules/ipsec.pp @@ -1,7 +1,9 @@ -class shorewall::rules::ipsec { +class shorewall::rules::ipsec( + $source = 'net' +) { shorewall::rule { 'net-me-ipsec-udp': - source => 'net', + source => $shorewall::rules::ipsec::source, destination => '$FW', proto => 'udp', destinationport => '500', @@ -9,20 +11,20 @@ class shorewall::rules::ipsec { action => 'ACCEPT'; 'me-net-ipsec-udp': source => '$FW', - destination => 'net', + destination => $shorewall::rules::ipsec::source, proto => 'udp', destinationport => '500', order => 240, action => 'ACCEPT'; 'net-me-ipsec': - source => 'net', + source => $shorewall::rules::ipsec::source, destination => '$FW', proto => 'esp', order => 240, action => 'ACCEPT'; 'me-net-ipsec': source => '$FW', - destination => 'net', + destination => $shorewall::rules::ipsec::source, proto => 'esp', order => 240, action => 'ACCEPT'; |