authorSilvio Rhatto <rhatto@riseup.net>2014-01-01 15:37:34 -0200
committerSilvio Rhatto <rhatto@riseup.net>2014-01-01 15:37:34 -0200
commit487d9ab65058b48c068e0e39e0e121f4449f1a4d (patch)
treeb7804d6d118c62c77e6fda96d24fce8f390e2fce
parent0e40ed44c423db9717493860da64ed216c47d0e6 (diff)
Allow non-standard torrent ports
-rw-r--r--manifests/router.pp13
-rw-r--r--manifests/torrent.pp8
2 files changed, 14 insertions, 7 deletions
diff --git a/manifests/router.pp b/manifests/router.pp
index e4b5795..7e0e13d 100644
--- a/manifests/router.pp
+++ b/manifests/router.pp
@@ -347,13 +347,18 @@ define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone
}
}
-class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ipaddress) {
+class firewall::router::torrent(
+ $destination,
+ $zone = 'loc',
+ $originaldest = $ipaddress,
+ $range = hiera('firewall::router::torrent::range', '6881:6999')
+) {
shorewall::rule { "torrent-tcp-1":
action => 'DNAT',
source => 'net',
destination => "$zone:$destination",
proto => 'tcp',
- destinationport => "6881:6999",
+ destinationport => "$range",
ratelimit => '-',
order => 200,
}
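Review bot: The new `$range` parameter is interpolated into `destinationport` of a DNAT rule with `source => 'net'` without any check on its format, so a typo or an over-broad value in Hiera silently becomes an internet-facing forward. The same applies to the other two rules of this class (the hunks at -363 and -374) and to both rules in manifests/torrent.pp. If puppetlabs-stdlib is available to this module (not visible here), a guard at the top of the class body such as `validate_re($range, '^\d+(:\d+)?$', 'range must be PORT or LOW:HIGH')` would fail catalog compilation instead of writing a malformed rule; widen the pattern if comma-separated port lists are meant to be accepted. The class body continues outside this hunk.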
@@ -363,7 +368,7 @@ class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ip
source => 'all',
destination => "$zone:$destination",
proto => 'tcp',
- destinationport => "6881:6999",
+ destinationport => "$range",
originaldest => "$originaldest",
ratelimit => '-',
order => 200,
@@ -374,7 +379,7 @@ class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ip
source => 'net',
destination => "$zone:$destination",
proto => 'udp',
- destinationport => "6881:6999",
+ destinationport => "$range",
ratelimit => '-',
order => 201,
}
diff --git a/manifests/torrent.pp b/manifests/torrent.pp
index 2dc8451..e7eb02a 100644
--- a/manifests/torrent.pp
+++ b/manifests/torrent.pp
@@ -1,10 +1,12 @@
-class firewall::torrent {
+class firewall::torrent(
+ $range = hiera('firewall::torrent::range', '6881:6999')
+) {
shorewall::rule { "torrent-tcp":
action => 'ACCEPT',
source => 'net',
destination => '$FW',
proto => 'tcp',
- destinationport => "6881:6999",
+ destinationport => "$range",
ratelimit => '-',
order => 200,
}
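Review bot: The `$range` parameter has no comment saying what format it takes or that it controls which ports on the firewall host itself (`destination => '$FW'`) are accepted from `net`. A header above the class would do, for example `# $range: port or LOW:HIGH range accepted from net to $FW (tcp and udp), default 6881:6999`. The Hiera key here (`firewall::torrent::range`) also differs from the one in manifests/router.pp (`firewall::router::torrent::range`), so the comment should state whether the two are expected to be set together. As a minor style point, `"$range"` can be written as plain `$range`, since the quotes only re-interpolate a single variable.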
@@ -14,7 +16,7 @@ class firewall::torrent {
source => 'net',
destination => '$FW',
proto => 'udp',
- destinationport => "6881:6999",
+ destinationport => "$range",
ratelimit => '-',
order => 201,
}