author | Silvio Rhatto <rhatto@riseup.net> | 2015-09-11 21:56:50 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2015-09-11 21:56:50 -0300 |
commit | 14ced49d32beab8b80c6499b3a02ed1523ab98ae (patch) | |
tree | 22cdf03d732e91e502c5124e9f649d1c972488ce /manifests/vm | |
parent | 279c52185ec96cd1f8b0c25a1a14b0e537c1c11a (diff) | |
Use firewall::virtual class names
Diffstat (limited to 'manifests/vm')
-rw-r--r-- | manifests/vm/dns.pp | 53 | ||||
-rw-r--r-- | manifests/vm/gitd.pp | 22 | ||||
-rw-r--r-- | manifests/vm/gobby.pp | 11 | ||||
-rw-r--r-- | manifests/vm/http.pp | 22 | ||||
-rw-r--r-- | manifests/vm/https.pp | 22 | ||||
-rw-r--r-- | manifests/vm/icecast.pp | 22 | ||||
-rw-r--r-- | manifests/vm/jabber.pp | 54 | ||||
-rw-r--r-- | manifests/vm/mail.pp | 64 | ||||
-rw-r--r-- | manifests/vm/mdns.pp | 11 | ||||
-rw-r--r-- | manifests/vm/mumble.pp | 22 | ||||
-rw-r--r-- | manifests/vm/munin.pp | 28 | ||||
-rw-r--r-- | manifests/vm/puppetmaster.pp | 85 | ||||
-rw-r--r-- | manifests/vm/rsync.pp | 11 | ||||
-rw-r--r-- | manifests/vm/ssh.pp | 28 | ||||
-rw-r--r-- | manifests/vm/tor.pp | 43 | ||||
-rw-r--r-- | manifests/vm/yacy.pp | 11 |
16 files changed, 0 insertions, 509 deletions
diff --git a/manifests/vm/dns.pp b/manifests/vm/dns.pp
deleted file mode 100644
index a273bcc..0000000
--- a/manifests/vm/dns.pp
+++ /dev/null
@@ -1,53 +0,0 @@
-class firewall::vm::dns($destination, $zone = 'vm') {
- shorewall::rule { 'dns-route-0':
- action => 'DNS/ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => '-',
- destinationport => '-',
- ratelimit => '-',
- order => 2000,
- }
-
- shorewall::rule { 'dns-route-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:53",
- proto => 'tcp',
- destinationport => '53',
- ratelimit => '-',
- order => 2001,
- }
-
- shorewall::rule { 'dns-route-2':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:53",
- proto => 'tcp',
- destinationport => '53',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 2002,
- }
-
- shorewall::rule { 'dns-route-3':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:53",
- proto => 'udp',
- destinationport => '53',
- ratelimit => '-',
- order => 2003,
- }
-
- shorewall::rule { 'dns-route-4':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:53",
- proto => 'udp',
- destinationport => '53',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 2004,
- }
-}
diff --git a/manifests/vm/gitd.pp b/manifests/vm/gitd.pp
deleted file mode 100644
index 8c497db..0000000
--- a/manifests/vm/gitd.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-class firewall::vm::gitd($destination, $zone = 'fw') {
- shorewall::rule { 'git-daemon-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:9418",
- proto => 'tcp',
- destinationport => '9418',
- ratelimit => '-',
- order => 800,
- }
-
- shorewall::rule { 'git-daemon-2':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:9418",
- proto => 'tcp',
- destinationport => '9418',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 801,
- }
-}
diff --git a/manifests/vm/gobby.pp b/manifests/vm/gobby.pp
deleted file mode 100644
index 3b113c5..0000000
--- a/manifests/vm/gobby.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class firewall::vm::gobby($destination, $zone = 'fw') {
- shorewall::rule { 'gobby-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:6523",
- proto => 'tcp',
- destinationport => '6523',
- ratelimit => '-',
- order => 2400,
- }
-}
diff --git a/manifests/vm/http.pp b/manifests/vm/http.pp
deleted file mode 100644
index 404d82f..0000000
--- a/manifests/vm/http.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-class firewall::vm::http($destination, $zone = 'vm') {
- shorewall::rule { 'http-route-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:80",
- proto => 'tcp',
- destinationport => '80',
- ratelimit => '-',
- order => 600,
- }
-
- shorewall::rule { 'http-route-2':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:80",
- proto => 'tcp',
- destinationport => '80',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 601,
- }
-}
diff --git a/manifests/vm/https.pp b/manifests/vm/https.pp
deleted file mode 100644
index 047ff66..0000000
--- a/manifests/vm/https.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-class firewall::vm::https($destination, $zone = 'vm') {
- shorewall::rule { 'https-route-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:443",
- proto => 'tcp',
- destinationport => '443',
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 602,
- }
-
- shorewall::rule { 'https-route-2':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:443",
- proto => 'tcp',
- destinationport => '443',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 602,
- }
-}
diff --git a/manifests/vm/icecast.pp b/manifests/vm/icecast.pp
deleted file mode 100644
index b7bc2fe..0000000
--- a/manifests/vm/icecast.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-class firewall::vm::icecast($destination, $zone = 'fw') {
- shorewall::rule { 'icecast-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:8000",
- proto => 'tcp',
- destinationport => '8000',
- ratelimit => '-',
- order => 900,
- }
-
- shorewall::rule { 'icecast-2':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:8000",
- proto => 'tcp',
- destinationport => '8000',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 901,
- }
-}
diff --git a/manifests/vm/jabber.pp b/manifests/vm/jabber.pp
deleted file mode 100644
index db26d6b..0000000
--- a/manifests/vm/jabber.pp
+++ /dev/null
@@ -1,54 +0,0 @@
-class firewall::vm::jabber($destination, $zone = 'fw') {
- shorewall::rule { 'jabber-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:5222",
- proto => 'tcp',
- destinationport => '5222',
- ratelimit => '-',
- order => 2200,
- }
-
- shorewall::rule { 'jabber-1':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:5223",
- proto => 'tcp',
- destinationport => '5223',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 2201,
- }
-
- shorewall::rule { 'jabber-2':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:5269",
- proto => 'tcp',
- destinationport => '5269',
- ratelimit => '-',
- order => 2202,
- }
-
- shorewall::rule { 'jabber-3':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:4369",
- proto => 'tcp',
- destinationport => '4369',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 2203,
- }
-
- shorewall::rule { 'jabber-4':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:4370",
- proto => 'tcp',
- destinationport => '4370:4375',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 2204,
- }
-}
diff --git a/manifests/vm/mail.pp b/manifests/vm/mail.pp
deleted file mode 100644
index f629865..0000000
--- a/manifests/vm/mail.pp
+++ /dev/null
@@ -1,64 +0,0 @@
-class firewall::vm::mail($destination, $zone = 'fw') {
- shorewall::rule { 'mail-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:25",
- proto => 'tcp',
- destinationport => '25',
- ratelimit => '-',
- order => 1000,
- }
-
- shorewall::rule { 'mail-2':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:25",
- proto => 'tcp',
- destinationport => '25',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 1001,
- }
-
- shorewall::rule { 'mail-3':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:993",
- proto => 'tcp',
- destinationport => '993',
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 1002,
- }
-
- shorewall::rule { 'mail-4':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:993",
- proto => 'tcp',
- destinationport => '993',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 1003,
- }
-
- shorewall::rule { 'mail-5':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:587",
- proto => 'tcp',
- destinationport => '587',
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 1004,
- }
-
- shorewall::rule { 'mail-6':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:587",
- proto => 'tcp',
- destinationport => '587',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 1005,
- }
-}
diff --git a/manifests/vm/mdns.pp b/manifests/vm/mdns.pp
deleted file mode 100644
index 644c889..0000000
--- a/manifests/vm/mdns.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class firewall::vm::mdns($destination, $zone = 'fw') {
- shorewall::rule { 'mdns-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:5353",
- proto => 'tcp',
- destinationport => '5353',
- ratelimit => '-',
- order => 2700,
- }
-}
diff --git a/manifests/vm/mumble.pp b/manifests/vm/mumble.pp
deleted file mode 100644
index 321ab07..0000000
--- a/manifests/vm/mumble.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-class firewall::vm::mumble($destination, $zone = 'fw') {
- shorewall::rule { 'mumble-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:64738",
- proto => 'tcp',
- destinationport => '64738',
- ratelimit => '-',
- order => 2300,
- }
-
- shorewall::rule { 'mumble-1':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:64738",
- proto => 'udp',
- destinationport => '64738',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 2301,
- }
-}
diff --git a/manifests/vm/munin.pp b/manifests/vm/munin.pp
deleted file mode 100644
index e92e216..0000000
--- a/manifests/vm/munin.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-define firewall::vm::munin($destination, $port_orig, $port_dest = '', $order = '400', $zone = 'fw') {
- shorewall::rule { "munin-$name-1":
- action => 'DNAT',
- source => 'net',
- destination => $port_dest ? {
- '' => "$zone:$destination",
- default => "$zone:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- ratelimit => '-',
- order => $order,
- }
-
- shorewall::rule { "munin-$name-2":
- action => 'DNAT',
- source => '$FW',
- destination => $port_dest ? {
- '' => "$zone:$destination",
- default => "$zone:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => $order,
- }
-}
diff --git a/manifests/vm/puppetmaster.pp b/manifests/vm/puppetmaster.pp
deleted file mode 100644
index a097d77..0000000
--- a/manifests/vm/puppetmaster.pp
+++ /dev/null
@@ -1,85 +0,0 @@
-class firewall::vm::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141', $zone = 'fw') {
- shorewall::rule { 'puppetmaster-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_port",
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 700,
- }
-
- shorewall::rule { 'puppetmaster-2':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'udp',
- destinationport => "$puppetmaster_port",
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 701,
- }
-
- shorewall::rule { 'puppetmaster-3':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_port",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 702,
- }
-
- shorewall::rule { 'puppetmaster-4':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'udp',
- destinationport => "$puppetmaster_port",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 703,
- }
-
- shorewall::rule { 'puppetmaster-5':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_nonssl_port",
- ratelimit => '-',
- order => 704,
- }
-
- shorewall::rule { 'puppetmaster-6':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'udp',
- destinationport => "$puppetmaster_nonssl_port",
- ratelimit => '-',
- order => 705,
- }
-
- shorewall::rule { 'puppetmaster-7':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_nonssl_port",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 706,
- }
-
- shorewall::rule { 'puppetmaster-8':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'udp',
- destinationport => "$puppetmaster_nonssl_port",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 707,
- }
-}
diff --git a/manifests/vm/rsync.pp b/manifests/vm/rsync.pp
deleted file mode 100644
index 6ee9c98..0000000
--- a/manifests/vm/rsync.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class firewall::vm::rsync($destination, $zone = 'fw') {
- shorewall::rule { 'rsync-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:873",
- proto => 'tcp',
- destinationport => '873',
- ratelimit => '-',
- order => 2600,
- }
-}
diff --git a/manifests/vm/ssh.pp b/manifests/vm/ssh.pp
deleted file mode 100644
index f9586da..0000000
--- a/manifests/vm/ssh.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-define firewall::vm::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'vm') {
- shorewall::rule { "ssh-$name-1":
- action => 'DNAT',
- source => 'net',
- destination => $port_dest ? {
- '' => "$zone:$destination",
- default => "$zone:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- ratelimit => '-',
- order => "2$port_orig",
- }
-
- shorewall::rule { "ssh-$name-2":
- action => 'DNAT',
- source => '$FW',
- destination => $port_dest ? {
- '' => "fw:$destination",
- default => "fw:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => "2$port_orig",
- }
-}
diff --git a/manifests/vm/tor.pp b/manifests/vm/tor.pp
deleted file mode 100644
index cd8820a..0000000
--- a/manifests/vm/tor.pp
+++ /dev/null
@@ -1,43 +0,0 @@
-class firewall::vm::tor($destination, $zone = 'fw') {
- shorewall::rule { 'tor-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:9001",
- proto => 'tcp',
- destinationport => '9001',
- ratelimit => '-',
- order => 2100,
- }
-
- shorewall::rule { 'tor-1':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:9001",
- proto => 'tcp',
- destinationport => '9001',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 2101,
- }
-
- shorewall::rule { 'tor-2':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:9030",
- proto => 'tcp',
- destinationport => '9030',
- ratelimit => '-',
- order => 2102,
- }
-
- shorewall::rule { 'tor-3':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:9030",
- proto => 'tcp',
- destinationport => '9030',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 2103,
- }
-}
diff --git a/manifests/vm/yacy.pp b/manifests/vm/yacy.pp
deleted file mode 100644
index 0ddbf4b..0000000
--- a/manifests/vm/yacy.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class firewall::vm::yacy($destination, $zone = 'fw') {
- shorewall::rule { 'yacy-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:8090",
- proto => 'tcp',
- destinationport => '8090',
- ratelimit => '-',
- order => 2500,
- }
-} |