summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--manifests/init.pp18
1 files changed, 10 insertions, 8 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 2052a99..853456f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,5 +1,7 @@
# Firewall definitions for physical servers
class firewall(
+ $device = hiera('firewall::device', 'eth0'),
+ $zone = hiera('firewall::zone', '-'),
$local_net = hiera('firewall::local_net', false),
$in_bandwidth = hiera('firewall::in_bandwidth', '2mbit'),
$out_bandwidth = hiera('firewall::out_bandwidth', '2mbit'),
@@ -16,8 +18,8 @@ class firewall(
#
# Interfaces
#
- shorewall::interface { 'eth0':
- zone => '-',
+ shorewall::interface { "${device}":
+ zone => $zone,
rfc1918 => $rfc1918,
options => $device_options,
}
@@ -63,22 +65,22 @@ class firewall(
#
# Hosts
#
- shorewall::host { "eth0-subnet":
- name => 'eth0:192.168.0.0/24',
+ shorewall::host { "${device}-subnet":
+ name => "${device}:192.168.0.0/24",
zone => 'vm',
options => '',
order => '1',
}
- shorewall::host { "eth0":
- name => 'eth0:0.0.0.0/0',
+ shorewall::host { "${device}":
+ name => "${device}:0.0.0.0/0",
zone => 'net',
options => '',
order => '2',
}
- shorewall::masq { "eth0":
- interface => 'eth0:!192.168.0.0/24',
+ shorewall::masq { "${device}":
+ interface => "${device}:!192.168.0.0/24",
source => '192.168.0.0/24',
order => '1',
}