-rw-r--r--manifests/init.pp93
1 files changed, 48 insertions, 45 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index e12b374..1734c3f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -15,6 +15,34 @@ class firewall(
default => false,
}
+ $real_subnet_device = $vm_device ? {
+ false => $device,
+ default => $vm_device,
+ }
+
+ $real_masq_interface = $vm_device ? {
+ false => "${device}:!${vm_address}",
+ default => "${device}",
+ }
+
+ #
+ # Zones
+ #
+ shorewall::zone { 'vm':
+ type => 'ipv4',
+ order => '2',
+ }
+
+ shorewall::zone { 'net':
+ type => 'ipv4',
+ order => '3',
+ }
+
+ shorewall::zone { 'loc':
+ type => 'ipv4',
+ order => 4,
+ }
+
#
# Interfaces
#
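Review bot: The three moved zone resources mix string and integer `order` values — `'2'` and `'3'` for vm and net but a bare `4` for loc — which reads as a slip even if whatever consumes `order` coerces both; use one form, `order => '4',`, so the three entries match. The two selectors on `$vm_device` treat only the literal boolean `false` as "no separate VM interface": a caller passing the string `'false'` or (presumably, depending on Puppet version) `undef` would fall through to the `default` arm, and `$real_masq_interface` would then lose its `:!${vm_address}` exclusion and be built from an empty `$vm_device`, so the class parameters declared above this hunk should default `$vm_device` to `false` and validate it. `$vm_address` is interpolated unvalidated into the masq interface string here and into the hosts entries below; a malformed value yields a broken Shorewall configuration rather than an early catalog failure, which is worth a guard at the parameter.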
@@ -33,6 +61,25 @@ class firewall(
}
#
+ # Hosts
+ #
+ shorewall::host { "${real_subnet_device}-subnet":
+ name => "${real_subnet_device}:${vm_address}",
+ zone => 'vm',
+ options => '',
+ order => '1',
+ }
+
+ if $zone == '-' {
+ shorewall::host { "${device}":
+ name => "${device}:0.0.0.0/0",
+ zone => 'net',
+ options => '',
+ order => '2',
+ }
+ }
+
+ #
# Policy
#
shorewall::policy { 'vm-net':
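Review bot: The `net` host entry claims every address on `$device` (`"${device}:0.0.0.0/0"`) whenever `$zone == '-'`, and the VM subnet is kept out of `net` only because its own entry is ordered first (`order => '1'` versus `'2'`) and the `vm` zone is declared before `net` above; nothing in the code ties those two orderings together, so a comment should, e.g. `# must sort after the vm subnet entry above: 0.0.0.0/0 claims everything not already placed in vm`. When `$zone` is anything other than `'-'` no `net` host is declared at all, presumably because the interface itself is then bound to a zone in the Interfaces section above; that assumption also deserves a one-line comment on the `if`. The `shorewall::policy { 'vm-net':` resource starts on the last line of the hunk and continues outside it.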
@@ -80,34 +127,8 @@ class firewall(
}
#
- # Hosts
+ # Masq
#
- $real_subnet_device = $vm_device ? {
- false => $device,
- default => $vm_device,
- }
-
- shorewall::host { "${real_subnet_device}-subnet":
- name => "${real_subnet_device}:${vm_address}",
- zone => 'vm',
- options => '',
- order => '1',
- }
-
- if $zone == '-' {
- shorewall::host { "${device}":
- name => "${device}:0.0.0.0/0",
- zone => 'net',
- options => '',
- order => '2',
- }
- }
-
- $real_masq_interface = $vm_device ? {
- false => "${device}:!${vm_address}",
- default => "${device}",
- }
-
shorewall::masq { "${device}":
interface => "${real_masq_interface}",
source => "${vm_address}",
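Review bot: The masq resource wraps bare variables in double quotes — the title `"${device}"`, `interface => "${real_masq_interface}"` and `source => "${vm_address}"` — which puppet-lint flags as only-variable strings and which hides the fact that these are passed through unchanged; write them as `interface => $real_masq_interface,` and `source => $vm_address,` (and `shorewall::masq { $device:`). Note that when `$vm_device` is false the interface string becomes `"${device}:!${vm_address}"`, so the masq rule's exclusion and its `source` both depend on `$vm_address` being a well-formed CIDR; that is set above, not here, but the resource is where a bad value first bites. The `shorewall::masq` body continues past the end of this hunk.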
@@ -174,24 +195,6 @@ class firewall(
order => 104,
}
- #
- # Zones
- #
- shorewall::zone { 'vm':
- type => 'ipv4',
- order => '2',
- }
-
- shorewall::zone { 'net':
- type => 'ipv4',
- order => '3',
- }
-
- shorewall::zone { 'loc':
- type => 'ipv4',
- order => 4,
- }
-
if $local_net == true {
class { "firewall::local": }
}