authorSilvio Rhatto <rhatto@riseup.net>2022-01-25 13:29:40 -0300
committerSilvio Rhatto <rhatto@riseup.net>2022-01-25 13:29:40 -0300
commita3e5ee421e5686b2e5f7536a91436e37a7b1e684 (patch)
tree9ed3722c77fc2a8f003bb103b2e8305a85fa6272
parent9bfd1dd20b5cc47a5dd8a5bc8cc3e1e2183e1626 (diff)
Misc fixes (2)
-rw-r--r--manifests/implementations/shorewall/router/hairpinning.pp2
-rw-r--r--manifests/implementations/shorewall/router/munin.pp2
-rw-r--r--manifests/implementations/shorewall/router/ssh.pp2
-rw-r--r--manifests/implementations/shorewall/router/tor.pp2
-rw-r--r--manifests/router/hairpinning.pp24
-rw-r--r--manifests/router/mail.pp2
-rw-r--r--manifests/router/munin.pp16
-rw-r--r--manifests/router/rsync.pp3
-rw-r--r--manifests/router/ssh.pp15
-rw-r--r--manifests/router/tor.pp10
-rw-r--r--manifests/router/torrent.pp2
11 files changed, 43 insertions, 37 deletions
diff --git a/manifests/implementations/shorewall/router/hairpinning.pp b/manifests/implementations/shorewall/router/hairpinning.pp
index 21a8d9d..f78ebb4 100644
--- a/manifests/implementations/shorewall/router/hairpinning.pp
+++ b/manifests/implementations/shorewall/router/hairpinning.pp
@@ -1,5 +1,5 @@
# See http://www.shorewall.net/FAQ.htm#faq2
-define firewall::router::hairpinning($order = '5000', $proto = 'tcp', $port = 'www',
+define firewall::implementations::shorewall::router::hairpinning($order = '5000', $proto = 'tcp', $port = 'www',
$external_ip = '$ETH0_IP', $interface = 'eth1',
$destination = '192.168.1.100', $source = 'eth1',
$source_zone = 'loc', $dest_zone = 'loc',
diff --git a/manifests/implementations/shorewall/router/munin.pp b/manifests/implementations/shorewall/router/munin.pp
index 7ca136d..698c12b 100644
--- a/manifests/implementations/shorewall/router/munin.pp
+++ b/manifests/implementations/shorewall/router/munin.pp
@@ -1,4 +1,4 @@
-define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc',
+define firewall::implementations::shorewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc',
$order = '400', $originaldest = $ipaddress) {
shorewall::rule { "munin-$name-1":
action => 'DNAT',
diff --git a/manifests/implementations/shorewall/router/ssh.pp b/manifests/implementations/shorewall/router/ssh.pp
index a37b61f..9bdf69e 100644
--- a/manifests/implementations/shorewall/router/ssh.pp
+++ b/manifests/implementations/shorewall/router/ssh.pp
@@ -1,4 +1,4 @@
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc',
+define firewall::implementations::shorewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc',
$originaldest = $ipaddress) {
shorewall::rule { "ssh-$name-1":
action => 'DNAT',
diff --git a/manifests/implementations/shorewall/router/tor.pp b/manifests/implementations/shorewall/router/tor.pp
index cf5cc58..eae3775 100644
--- a/manifests/implementations/shorewall/router/tor.pp
+++ b/manifests/implementations/shorewall/router/tor.pp
@@ -1,4 +1,4 @@
-define firewall::router::tor($destination, $zone = 'loc', $originaldest = $ipaddress) {
+define firewall::implementations::shorewall::router::tor($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { "tor-$name-1":
action => 'DNAT',
source => 'net',
diff --git a/manifests/router/hairpinning.pp b/manifests/router/hairpinning.pp
index 96fac1e..7be71ca 100644
--- a/manifests/router/hairpinning.pp
+++ b/manifests/router/hairpinning.pp
@@ -12,16 +12,18 @@ define firewall::router::hairpinning(
$dest_zone = 'loc',
$port_dest = ''
) {
- class { "firewall::implementations::${implementation}::router::hairpinning":
- order => $order,
- proto => $proto,
- port => $port,
- external_ip => $external_ip,
- interface => $interface,
- destination => $destination,
- source => $source,
- source_zone => $source_zone,
- dest_zone => $dest_zone,
- port_dest => $port_dest,
+ if $implementation == 'shorewall' {
+ firewall::implementations::shorewall::router::hairpinning { "${name}":
+ order => $order,
+ proto => $proto,
+ port => $port,
+ external_ip => $external_ip,
+ interface => $interface,
+ destination => $destination,
+ source => $source,
+ source_zone => $source_zone,
+ dest_zone => $dest_zone,
+ port_dest => $port_dest,
+ }
}
}
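Review bot: The added `if $implementation == 'shorewall' {` has no `else`, so any other value of `$implementation` makes this define declare nothing while the catalog still compiles and applies cleanly. The removed `class { "firewall::implementations::${implementation}::router::hairpinning":` form would presumably have failed at compile time for an unknown implementation, so this swaps a loud error for a silent no-op. In a firewall module a missing rule should be visible. I would add `else { fail("firewall::router::hairpinning: unsupported implementation '${implementation}'") }`, and likewise in the matching hunks of manifests/router/munin.pp, ssh.pp and tor.pp. As a style point, the title `"${name}"` can be written as plain `$name`. The define's parameter list starts outside this hunk.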
diff --git a/manifests/router/mail.pp b/manifests/router/mail.pp
index 5efde58..6ae5662 100644
--- a/manifests/router/mail.pp
+++ b/manifests/router/mail.pp
@@ -1,4 +1,4 @@
-class firewall::router::mail(i
+class firewall::router::mail(
$implementation = lookup('firewall::implementation', undef, undef, 'shorewall'),
$destination, $zone = 'loc', $originaldest = $ipaddress
) {
diff --git a/manifests/router/munin.pp b/manifests/router/munin.pp
index 4fd33fd..e5d2fb9 100644
--- a/manifests/router/munin.pp
+++ b/manifests/router/munin.pp
@@ -7,12 +7,14 @@ define firewall::router::munin(
$originaldest = $ipaddress
$implementation = lookup('firewall::implementation', undef, undef, 'shorewall'),
) {
- class { "firewall::implementations::${implementation}::router::munin":
- destination => $destination,
- port_orig => $port_orig,
- port_dest => $port_dest,
- zone => $zone,
- order => $order,
- originaldest => $originaldest,
+ if $implementation == 'shorewall' {
+ firewall::implementations::shorewall::router::munin { "${name}":
+ destination => $destination,
+ port_orig => $port_orig,
+ port_dest => $port_dest,
+ zone => $zone,
+ order => $order,
+ originaldest => $originaldest,
+ }
}
}
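Review bot: The context line `$originaldest = $ipaddress` directly above `$implementation = lookup(...)` still has no trailing comma, so this define's parameter list most likely does not parse. The commit adds exactly that comma in manifests/router/rsync.pp and manifests/router/torrent.pp but not here. The line should read `$originaldest = $ipaddress,`. Until that is fixed, the new `firewall::implementations::shorewall::router::munin` declaration in this hunk cannot be evaluated. The parameter list begins outside the hunk, so the earlier parameters could not be checked.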
diff --git a/manifests/router/rsync.pp b/manifests/router/rsync.pp
index 9e36f85..8098e4a 100644
--- a/manifests/router/rsync.pp
+++ b/manifests/router/rsync.pp
@@ -3,7 +3,7 @@ class firewall::router::rsync(
$port_orig = '873',
$port_dest = '',
$zone = 'loc',
- $originaldest = $ipaddress
+ $originaldest = $ipaddress,
$implementation = lookup('firewall::implementation', undef, undef, 'shorewall'),
) {
class { "firewall::implementations::${implementation}::router::rsync":
@@ -11,7 +11,6 @@ class firewall::router::rsync(
port_orig => $port_orig,
port_dest => $port_dest,
zone => $zone,
- order => $order,
originaldest => $originaldest,
}
}
diff --git a/manifests/router/ssh.pp b/manifests/router/ssh.pp
index 6f1a640..5704fbb 100644
--- a/manifests/router/ssh.pp
+++ b/manifests/router/ssh.pp
@@ -6,12 +6,13 @@ define firewall::router::ssh(
$originaldest = $ipaddress,
$implementation = lookup('firewall::implementation', undef, undef, 'shorewall'),
) {
- class { "firewall::implementations::${implementation}::router::ssh":
- destination => $destination,
- port_orig => $port_orig,
- port_dest => $port_dest,
- zone => $zone,
- order => $order,
- originaldest => $originaldest,
+ if $implementation == 'shorewall' {
+ firewall::implementations::shorewall::router::ssh { "${name}":
+ destination => $destination,
+ port_orig => $port_orig,
+ port_dest => $port_dest,
+ zone => $zone,
+ originaldest => $originaldest,
+ }
}
}
diff --git a/manifests/router/tor.pp b/manifests/router/tor.pp
index b93ea05..e3c61fb 100644
--- a/manifests/router/tor.pp
+++ b/manifests/router/tor.pp
@@ -2,9 +2,11 @@ define firewall::router::tor(
$implementation = lookup('firewall::implementation', undef, undef, 'shorewall'),
$destination, $zone = 'loc', $originaldest = $ipaddress
) {
- class { "firewall::implementations::${implementation}::router::tor":
- destination => $destination,
- zone => $zone,
- originaldest => $originaldest,
+ if $implementation == 'shorewall' {
+ firewall::implementations::shorewall::router::tor { "${name}":
+ destination => $destination,
+ zone => $zone,
+ originaldest => $originaldest,
+ }
}
}
diff --git a/manifests/router/torrent.pp b/manifests/router/torrent.pp
index b5ac97d..493bd4c 100644
--- a/manifests/router/torrent.pp
+++ b/manifests/router/torrent.pp
@@ -2,7 +2,7 @@ class firewall::router::torrent(
$destination,
$zone = 'loc',
$originaldest = $ipaddress,
- $range = lookup('firewall::torrent::range', undef, undef, '6881:6999')
+ $range = lookup('firewall::torrent::range', undef, undef, '6881:6999'),
$implementation = lookup('firewall::implementation', undef, undef, 'shorewall'),
) {
class { "firewall::implementations::${implementation}::router::torrent":