author | Silvio Rhatto <rhatto@riseup.net> | 2022-01-08 15:50:26 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2022-01-08 15:50:26 -0300 |
commit | 3d1cf84f39fece3f2a9f8b7247a792212eb81177 (patch) | |
tree | f1fa5ca591908d363d13d30256f7af3b242d2d6b /manifests/implementations/shorewall/local.pp | |
parent | 55fa862bae8e2582e5ac0c008a0bb0ec53d9bfff (diff) | |
download | puppet-firewall-3d1cf84f39fece3f2a9f8b7247a792212eb81177.tar.gz puppet-firewall-3d1cf84f39fece3f2a9f8b7247a792212eb81177.tar.bz2 |
Feat: major refactor
Diffstat (limited to 'manifests/implementations/shorewall/local.pp')
-rw-r--r-- | manifests/implementations/shorewall/local.pp | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/manifests/implementations/shorewall/local.pp b/manifests/implementations/shorewall/local.pp
new file mode 100644
index 0000000..5a3ab63
--- /dev/null
+++ b/manifests/implementations/shorewall/local.pp
@@ -0,0 +1,47 @@
+class firewall::implementations::shorewall::local(
+ $network = lookup('firewall::local::network', undef, undef, '192.168.1.0/24'),
+ $interface = lookup('firewall::local::interface', undef, undef, 'eth0'),
+ $manage_host = lookup('firewall::local::manage_host', undef, undef, true),
+ $manage_interface = lookup('firewall::local::manage_iface', undef, undef, false)
+) {
+
+ if $manage_host {
+ shorewall::host { "$interface-loc":
+ name => "$interface:$network",
+ zone => 'loc',
+ options => '',
+ order => 3,
+ }
+ }
+
+ if $manage_interface {
+ shorewall::interface { "$interface":
+ zone => 'loc',
+ rfc1918 => true,
+ dhcp => true,
+ options => 'routeback',
+ }
+ }
+
+ shorewall::policy { 'loc-all':
+ sourcezone => 'loc',
+ destinationzone => 'all',
+ policy => 'ACCEPT',
+ order => 5,
+ }
+
+ shorewall::policy { 'vm-loc':
+ sourcezone => 'vm',
+ destinationzone => 'loc',
+ policy => 'ACCEPT',
+ order => 6,
+ }
+
+ shorewall::policy { 'fw-loc':
+ sourcezone => '$FW',
+ destinationzone => 'loc',
+ policy => 'ACCEPT',
+ order => 7,
+ }
+
+} |
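Review bot: The three `shorewall::policy` resources are declared unconditionally, outside both `if` guards, so including this class always installs `loc-all` with `destinationzone => 'all'` and `policy => 'ACCEPT'`. That treats every host in `$network` (default `192.168.1.0/24` on `eth0`) as fully trusted towards every other zone, which in Shorewall presumably includes the firewall host itself. It is worth making that choice explicit: put the policies behind a parameter such as `$manage_policies`, or at least document it with a comment like `# loc is fully trusted: hosts in $network may reach every zone`. The `vm-loc` policy also names a `vm` zone that this file never declares, so the class presumably depends on another class defining it and should say so. As a style point, the interpolations are safer written as `"${interface}-loc"` and `"${interface}:${network}"`, and the title `"$interface"` can simply be `$interface`.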