author | Silvio Rhatto <rhatto@riseup.net> | 2022-01-25 13:29:40 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2022-01-25 13:29:40 -0300 |
commit | a3e5ee421e5686b2e5f7536a91436e37a7b1e684 (patch) | |
tree | 9ed3722c77fc2a8f003bb103b2e8305a85fa6272 | |
parent | 9bfd1dd20b5cc47a5dd8a5bc8cc3e1e2183e1626 (diff) | |
Misc fixes (2)
-rw-r--r-- | manifests/implementations/shorewall/router/hairpinning.pp | 2 | ||||
-rw-r--r-- | manifests/implementations/shorewall/router/munin.pp | 2 | ||||
-rw-r--r-- | manifests/implementations/shorewall/router/ssh.pp | 2 | ||||
-rw-r--r-- | manifests/implementations/shorewall/router/tor.pp | 2 | ||||
-rw-r--r-- | manifests/router/hairpinning.pp | 24 | ||||
-rw-r--r-- | manifests/router/mail.pp | 2 | ||||
-rw-r--r-- | manifests/router/munin.pp | 16 | ||||
-rw-r--r-- | manifests/router/rsync.pp | 3 | ||||
-rw-r--r-- | manifests/router/ssh.pp | 15 | ||||
-rw-r--r-- | manifests/router/tor.pp | 10 | ||||
-rw-r--r-- | manifests/router/torrent.pp | 2 |
11 files changed, 43 insertions, 37 deletions
diff --git a/manifests/implementations/shorewall/router/hairpinning.pp b/manifests/implementations/shorewall/router/hairpinning.pp index 21a8d9d..f78ebb4 100644 --- a/manifests/implementations/shorewall/router/hairpinning.pp +++ b/manifests/implementations/shorewall/router/hairpinning.pp @@ -1,5 +1,5 @@ # See http://www.shorewall.net/FAQ.htm#faq2 -define firewall::router::hairpinning($order = '5000', $proto = 'tcp', $port = 'www', +define firewall::implementations::shorewall::router::hairpinning($order = '5000', $proto = 'tcp', $port = 'www', $external_ip = '$ETH0_IP', $interface = 'eth1', $destination = '192.168.1.100', $source = 'eth1', $source_zone = 'loc', $dest_zone = 'loc', diff --git a/manifests/implementations/shorewall/router/munin.pp b/manifests/implementations/shorewall/router/munin.pp index 7ca136d..698c12b 100644 --- a/manifests/implementations/shorewall/router/munin.pp +++ b/manifests/implementations/shorewall/router/munin.pp @@ -1,4 +1,4 @@ -define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc', +define firewall::implementations::shorewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc', $order = '400', $originaldest = $ipaddress) { shorewall::rule { "munin-$name-1": action => 'DNAT', diff --git a/manifests/implementations/shorewall/router/ssh.pp b/manifests/implementations/shorewall/router/ssh.pp index a37b61f..9bdf69e 100644 --- a/manifests/implementations/shorewall/router/ssh.pp +++ b/manifests/implementations/shorewall/router/ssh.pp @@ -1,4 +1,4 @@ -define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc', +define firewall::implementations::shorewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc', $originaldest = $ipaddress) { shorewall::rule { "ssh-$name-1": action => 'DNAT', diff --git a/manifests/implementations/shorewall/router/tor.pp b/manifests/implementations/shorewall/router/tor.pp index cf5cc58..eae3775 100644 
--- a/manifests/implementations/shorewall/router/tor.pp +++ b/manifests/implementations/shorewall/router/tor.pp @@ -1,4 +1,4 @@ -define firewall::router::tor($destination, $zone = 'loc', $originaldest = $ipaddress) { +define firewall::implementations::shorewall::router::tor($destination, $zone = 'loc', $originaldest = $ipaddress) { shorewall::rule { "tor-$name-1": action => 'DNAT', source => 'net', diff --git a/manifests/router/hairpinning.pp b/manifests/router/hairpinning.pp index 96fac1e..7be71ca 100644 --- a/manifests/router/hairpinning.pp +++ b/manifests/router/hairpinning.pp @@ -12,16 +12,18 @@ define firewall::router::hairpinning( $dest_zone = 'loc', $port_dest = '' ) { - class { "firewall::implementations::${implementation}::router::hairpinning": - order => $order, - proto => $proto, - port => $port, - external_ip => $external_ip, - interface => $interface, - destination => $destination, - source => $source, - source_zone => $source_zone, - dest_zone => $dest_zone, - port_dest => $port_dest, + if $implementation == 'shorewall' { + firewall::implementations::shorewall::router::hairpinning { "${name}": + order => $order, + proto => $proto, + port => $port, + external_ip => $external_ip, + interface => $interface, + destination => $destination, + source => $source, + source_zone => $source_zone, + dest_zone => $dest_zone, + port_dest => $port_dest, + } } } diff --git a/manifests/router/mail.pp b/manifests/router/mail.pp index 5efde58..6ae5662 100644 --- a/manifests/router/mail.pp +++ b/manifests/router/mail.pp @@ -1,4 +1,4 @@ -class firewall::router::mail(i +class firewall::router::mail( $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'), $destination, $zone = 'loc', $originaldest = $ipaddress ) { diff --git a/manifests/router/munin.pp b/manifests/router/munin.pp index 4fd33fd..e5d2fb9 100644 --- a/manifests/router/munin.pp +++ b/manifests/router/munin.pp 
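Review bot: The new `if $implementation == 'shorewall'` wrapper in manifests/router/hairpinning.pp has no `else` branch, so any other value of `firewall::implementation` compiles to an empty define. The forwarding rule is then silently absent from the catalog, and the operator gets no signal that the declared policy was not applied. The removed `class { "firewall::implementations::${implementation}::router::hairpinning": }` form would presumably have failed compilation for an unknown implementation. Add `else { fail("firewall::router::hairpinning: unsupported implementation '${implementation}'") }` here, and the equivalent in the munin.pp, ssh.pp and tor.pp wrappers changed later in this commit.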
@@ -7,12 +7,14 @@ define firewall::router::munin( $originaldest = $ipaddress $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'), ) { - class { "firewall::implementations::${implementation}::router::munin": - destination => $destination, - port_orig => $port_orig, - port_dest => $port_dest, - zone => $zone, - order => $order, - originaldest => $originaldest, + if $implementation == 'shorewall' { + firewall::implementations::shorewall::router::munin { "${name}": + destination => $destination, + port_orig => $port_orig, + port_dest => $port_dest, + zone => $zone, + order => $order, + originaldest => $originaldest, + } } } diff --git a/manifests/router/rsync.pp b/manifests/router/rsync.pp index 9e36f85..8098e4a 100644 --- a/manifests/router/rsync.pp +++ b/manifests/router/rsync.pp @@ -3,7 +3,7 @@ class firewall::router::rsync( $port_orig = '873', $port_dest = '', $zone = 'loc', - $originaldest = $ipaddress + $originaldest = $ipaddress, $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'), ) { class { "firewall::implementations::${implementation}::router::rsync": @@ -11,7 +11,6 @@ class firewall::router::rsync( port_orig => $port_orig, port_dest => $port_dest, zone => $zone, - order => $order, originaldest => $originaldest, } } diff --git a/manifests/router/ssh.pp b/manifests/router/ssh.pp index 6f1a640..5704fbb 100644 --- a/manifests/router/ssh.pp +++ b/manifests/router/ssh.pp 
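Review bot: The parameter list of `firewall::router::munin` still lacks a comma after `$originaldest = $ipaddress`, the context line just before `$implementation = lookup(...)`, so this manifest should still fail to parse. The commit fixes the same omission in rsync.pp and torrent.pp but not here; change the line to `$originaldest = $ipaddress,`. The start of the parameter list lies outside the hunk, so the earlier parameters could not be checked.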
@@ -6,12 +6,13 @@ define firewall::router::ssh( $originaldest = $ipaddress, $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'), ) { - class { "firewall::implementations::${implementation}::router::ssh": - destination => $destination, - port_orig => $port_orig, - port_dest => $port_dest, - zone => $zone, - order => $order, - originaldest => $originaldest, + if $implementation == 'shorewall' { + firewall::implementations::shorewall::router::ssh { "${name}": + destination => $destination, + port_orig => $port_orig, + port_dest => $port_dest, + zone => $zone, + originaldest => $originaldest, + } } } diff --git a/manifests/router/tor.pp b/manifests/router/tor.pp index b93ea05..e3c61fb 100644 --- a/manifests/router/tor.pp +++ b/manifests/router/tor.pp @@ -2,9 +2,11 @@ define firewall::router::tor( $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'), $destination, $zone = 'loc', $originaldest = $ipaddress ) { - class { "firewall::implementations::${implementation}::router::tor": - destination => $destination, - zone => $zone, - originaldest => $originaldest, + if $implementation == 'shorewall' { + firewall::implementations::shorewall::router::tor { "${name}": + destination => $destination, + zone => $zone, + originaldest => $originaldest, + } } } diff --git a/manifests/router/torrent.pp b/manifests/router/torrent.pp index b5ac97d..493bd4c 100644 --- a/manifests/router/torrent.pp +++ b/manifests/router/torrent.pp @@ -2,7 +2,7 @@ class firewall::router::torrent( $destination, $zone = 'loc', $originaldest = $ipaddress, - $range = lookup('firewall::torrent::range', undef, undef, '6881:6999') + $range = lookup('firewall::torrent::range', undef, undef, '6881:6999'), $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'), ) { class { "firewall::implementations::${implementation}::router::torrent": |
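Review bot: In manifests/router/ssh.pp the resource title is written as `"${name}"`, a string that contains only a variable. `firewall::implementations::shorewall::router::ssh { $name:` is equivalent and is what puppet-lint's only_variable_string check asks for. The same applies to the hairpinning.pp, munin.pp and tor.pp wrappers in this commit.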