-rw-r--r--manifests/init.pp16
-rw-r--r--manifests/local.pp8
-rw-r--r--manifests/redirect.pp2
-rw-r--r--manifests/router/torrent.pp2
-rw-r--r--manifests/shaping.pp6
-rw-r--r--manifests/torrent.pp2
-rw-r--r--manifests/virtual/dns.pp4
-rw-r--r--manifests/virtual/gitd.pp4
-rw-r--r--manifests/virtual/gobby.pp4
-rw-r--r--manifests/virtual/http.pp4
-rw-r--r--manifests/virtual/https.pp8
-rw-r--r--manifests/virtual/icecast.pp2
-rw-r--r--manifests/virtual/jabber.pp6
-rw-r--r--manifests/virtual/mail.pp20
-rw-r--r--manifests/virtual/mumble.pp2
-rw-r--r--manifests/virtual/munin.pp2
-rw-r--r--manifests/virtual/ssh.pp2
-rw-r--r--manifests/virtual/tor.pp8
18 files changed, 51 insertions, 51 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index c812955..c760895 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,12 +1,12 @@
# Firewall definitions for physical servers
class firewall(
- $device = hiera('firewall::device', 'eth0'),
- $zone = hiera('firewall::zone', '-'),
- $local_net = hiera('firewall::local_net', false),
- $device_options = hiera('firewall::device_options', 'tcpflags,blacklist,routefilter,nosmurfs,logmartians'),
- $vm_address = hiera('firewall::vm_address', '192.168.0.0/24'),
- $vm_device = hiera('firewall::vm_device', false),
- $ssh = hiera('firewall::ssh', 'ACCEPT'),
+ $device = lookup('firewall::device', undef, undef, 'eth0'),
+ $zone = lookup('firewall::zone', undef, undef, '-'),
+ $local_net = lookup('firewall::local_net', undef, undef, false),
+ $device_options = lookup('firewall::device_options', undef, undef, 'tcpflags,blacklist,routefilter,nosmurfs,logmartians'),
+ $vm_address = lookup('firewall::vm_address', undef, undef, '192.168.0.0/24'),
+ $vm_device = lookup('firewall::vm_device', undef, undef, false),
+ $ssh = lookup('firewall::ssh', undef, undef, 'ACCEPT'),
) {
class { 'shorewall': }
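Review bot: Every `lookup()` in this parameter list passes `undef` as the value type, so whatever Hiera returns for `firewall::ssh`, `firewall::vm_address` or `firewall::device_options` is accepted as-is and presumably flows into the shorewall configuration. Because each key matches the class's own parameter name, automatic parameter lookup already resolves it before the default expression runs. Typed parameters with literal defaults would drop the explicit calls and reject malformed data at compile time, e.g. `String $ssh = 'ACCEPT',` and `Variant[Boolean, String] $vm_device = false,`. The class body continues outside the hunk, so how each value is used is not visible here.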
@@ -175,7 +175,7 @@ class firewall(
destination => '$FW',
proto => '-',
destinationport => '-',
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
order => 103,
}
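Review bot: The `firewall::ssl_ratelimit` key is looked up inline here and again in `manifests/virtual/https.pp` and `manifests/virtual/mail.pp`, each time without a value type and with a double-quoted key that has nothing to interpolate. Declaring it once, for example `String $ssl_ratelimit = '-',` in the `firewall` parameter list, would give one validated value for the rules to reference. A comment such as `# '-' leaves the rule without a rate limit` would make the effect of a missing key explicit. The enclosing resource starts outside the hunk.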
diff --git a/manifests/local.pp b/manifests/local.pp
index 804bce5..a44b9b8 100644
--- a/manifests/local.pp
+++ b/manifests/local.pp
@@ -1,8 +1,8 @@
class firewall::local(
- $network = hiera('firewall::local::network', '192.168.1.0/24'),
- $interface = hiera('firewall::local::interface', 'eth0'),
- $manage_host = hiera('firewall::local::manage_host', true),
- $manage_interface = hiera('firewall::local::manage_iface', false)
+ $network = lookup('firewall::local::network', undef, undef, '192.168.1.0/24'),
+ $interface = lookup('firewall::local::interface', undef, undef, 'eth0'),
+ $manage_host = lookup('firewall::local::manage_host', undef, undef, true),
+ $manage_interface = lookup('firewall::local::manage_iface', undef, undef, false)
) {
if $manage_host {
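Review bot: `$manage_interface` falls back to the key `firewall::local::manage_iface`, which does not match the parameter name, so two different Hiera keys can set it. Automatic parameter lookup consults `firewall::local::manage_interface` first, and only when that is absent does this default expression read `manage_iface`. Either align the key with the parameter or add a comment above it such as `# legacy key; firewall::local::manage_interface takes precedence if set`. The other three keys match their parameter names, so their explicit `lookup()` calls repeat what automatic lookup already does. The class body continues outside the hunk.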
diff --git a/manifests/redirect.pp b/manifests/redirect.pp
index d3785a1..dee9a98 100644
--- a/manifests/redirect.pp
+++ b/manifests/redirect.pp
@@ -2,7 +2,7 @@ class firewall::redirect::ssh($destinationport) {
# When the box is in an internal network and we want to provide
# and external access through a shared real IP, we have to
# redirect requests coming from another port to port 22.
- $ip = hiera('firewall::external_ip', $::ipaddress)
+ $ip = lookup('firewall::external_ip', undef, undef, $::ipaddress)
shorewall::rule { "ssh-redirect-1":
action => 'DNAT',
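Review bot: The fallback `$::ipaddress` is a legacy fact, and on Puppet releases that no longer submit legacy facts by default it would be unset. With `firewall::external_ip` absent, the DNAT rule could then be compiled without a usable original destination, or compilation could fail under strict variables. The structured fact avoids that, and a value type rejects an empty result: `$ip = lookup('firewall::external_ip', String, undef, $facts['networking']['ip'])`. The same fallback appears in every hunk under `manifests/virtual/`. The rule body continues past the hunk, so the use of `$ip` is inferred.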
diff --git a/manifests/router/torrent.pp b/manifests/router/torrent.pp
index be80071..08f4c7e 100644
--- a/manifests/router/torrent.pp
+++ b/manifests/router/torrent.pp
@@ -2,7 +2,7 @@ class firewall::router::torrent(
$destination,
$zone = 'loc',
$originaldest = $ipaddress,
- $range = hiera('firewall::torrent::range', '6881:6999')
+ $range = lookup('firewall::torrent::range', undef, undef, '6881:6999')
) {
shorewall::rule { "torrent-tcp-1":
action => 'DNAT',
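Review bot: `$range` is read from Hiera without a value type and, judging by the DNAT rule that follows, becomes a forwarded port range, so a typo in the data could widen or break the forward with no compile-time error. A pattern type would catch that: `lookup('firewall::torrent::range', Pattern[/\A\d+(:\d+)?\z/], undef, '6881:6999')`; `manifests/torrent.pp` has the same lookup. The key belongs to `firewall::torrent`, so here automatic lookup of `firewall::router::torrent::range` takes precedence over it, which deserves a comment like `# falls back to the key shared with firewall::torrent`. The rule continues outside the hunk.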
diff --git a/manifests/shaping.pp b/manifests/shaping.pp
index 63bd464..277f82c 100644
--- a/manifests/shaping.pp
+++ b/manifests/shaping.pp
@@ -1,7 +1,7 @@
class firewall::shaping(
- $device = hiera('firewall::device', 'eth0'),
- $in_bandwidth = hiera('firewall::in_bandwidth', '1000mbps'),
- $out_bandwidth = hiera('firewall::out_bandwidth', '1000mbps')
+ $device = lookup('firewall::device', undef, undef, 'eth0'),
+ $in_bandwidth = lookup('firewall::in_bandwidth', undef, undef, '1000mbps'),
+ $out_bandwidth = lookup('firewall::out_bandwidth', undef, undef, '1000mbps')
) {
#
# Traffic shaping
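Review bot: The defaults `'1000mbps'` for `$in_bandwidth` and `$out_bandwidth` carry no comment stating the unit. If they are handed unchanged to shorewall's traffic-shaping configuration, `mbps` is read there as megabytes per second rather than megabits (`mbit`), which would set the ceiling well above a gigabit link and leave shaping ineffective. Worth confirming the intended unit and adding a comment such as `# shorewall units: mbit = megabits/s, mbps = megabytes/s`. `$device` also falls back to the key `firewall::device` shared with the `firewall` class, while automatic lookup checks `firewall::shaping::device` first. The class body is outside the hunk, so the use of these values is inferred.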
diff --git a/manifests/torrent.pp b/manifests/torrent.pp
index e7eb02a..bc3a914 100644
--- a/manifests/torrent.pp
+++ b/manifests/torrent.pp
@@ -1,5 +1,5 @@
class firewall::torrent(
- $range = hiera('firewall::torrent::range', '6881:6999')
+ $range = lookup('firewall::torrent::range', undef, undef, '6881:6999')
) {
shorewall::rule { "torrent-tcp":
action => 'ACCEPT',
diff --git a/manifests/virtual/dns.pp b/manifests/virtual/dns.pp
index f389929..1bf3872 100644
--- a/manifests/virtual/dns.pp
+++ b/manifests/virtual/dns.pp
@@ -25,7 +25,7 @@ class firewall::virtual::dns($destination, $zone = 'vm') {
destination => "fw:$destination:53",
proto => 'tcp',
destinationport => '53',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2002,
}
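Review bot: `firewall::external_ip` is looked up separately inside each rule, here and in the second hunk of this file, and the same expression is repeated in every other file under `manifests/virtual/`. Resolving it once at the top of the class, `$external_ip = lookup('firewall::external_ip', String, undef, $::ipaddress)`, and writing `originaldest => $external_ip,` in the rules keeps the DNAT rules on one validated address. It also leaves a single place to change the fallback. Both hunks cut into resource bodies that start outside the visible lines.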
@@ -46,7 +46,7 @@ class firewall::virtual::dns($destination, $zone = 'vm') {
destination => "fw:$destination:53",
proto => 'udp',
destinationport => '53',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2004,
}
diff --git a/manifests/virtual/gitd.pp b/manifests/virtual/gitd.pp
index 02c4fb9..b760f03 100644
--- a/manifests/virtual/gitd.pp
+++ b/manifests/virtual/gitd.pp
@@ -5,7 +5,7 @@ class firewall::virtual::gitd($destination) {
destination => "vm:$destination:9418",
proto => 'tcp',
destinationport => '9418',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 800,
}
@@ -16,7 +16,7 @@ class firewall::virtual::gitd($destination) {
destination => "fw:$destination:9418",
proto => 'tcp',
destinationport => '9418',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 801,
}
diff --git a/manifests/virtual/gobby.pp b/manifests/virtual/gobby.pp
index 162fe1d..cc2c9fe 100644
--- a/manifests/virtual/gobby.pp
+++ b/manifests/virtual/gobby.pp
@@ -5,7 +5,7 @@ class firewall::virtual::gobby($destination) {
destination => "fw:$destination:6523",
proto => 'tcp',
destinationport => '6523',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2400,
}
@@ -16,7 +16,7 @@ class firewall::virtual::gobby($destination) {
destination => "vm:$destination:6523",
proto => 'tcp',
destinationport => '6523',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2400,
}
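Review bot: Both gobby rules carry `order => 2400`, whereas the paired rules in `gitd.pp` and `http.pp` use consecutive values (800/801, 600/601); `https.pp` repeats 602 in the same way. If `order` decides where the generated rule lands, two entries with the same value leave their relative position to whatever tie-break the shorewall module applies. Giving the second rule `order => 2401,` would make the sequence explicit. The resource starts outside the hunk, so its title and action are not visible.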
diff --git a/manifests/virtual/http.pp b/manifests/virtual/http.pp
index efd3dca..bb8e232 100644
--- a/manifests/virtual/http.pp
+++ b/manifests/virtual/http.pp
@@ -5,7 +5,7 @@ class firewall::virtual::http($destination) {
destination => "fw:$destination:80",
proto => 'tcp',
destinationport => '80',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 600,
}
@@ -16,7 +16,7 @@ class firewall::virtual::http($destination) {
destination => "vm:$destination:80",
proto => 'tcp',
destinationport => '80',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 601,
}
diff --git a/manifests/virtual/https.pp b/manifests/virtual/https.pp
index 36e0c9f..70a10a4 100644
--- a/manifests/virtual/https.pp
+++ b/manifests/virtual/https.pp
@@ -5,8 +5,8 @@ class firewall::virtual::https($destination) {
destination => "fw:$destination:443",
proto => 'tcp',
destinationport => '443',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
order => 602,
}
@@ -16,8 +16,8 @@ class firewall::virtual::https($destination) {
destination => "vm:$destination:443",
proto => 'tcp',
destinationport => '443',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
order => 602,
}
}
diff --git a/manifests/virtual/icecast.pp b/manifests/virtual/icecast.pp
index 1681f18..3c392b6 100644
--- a/manifests/virtual/icecast.pp
+++ b/manifests/virtual/icecast.pp
@@ -15,7 +15,7 @@ class firewall::virtual::icecast($destination, $zone = 'fw') {
destination => "$zone:$destination:8000",
proto => 'tcp',
destinationport => '8000',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 901,
}
diff --git a/manifests/virtual/jabber.pp b/manifests/virtual/jabber.pp
index 0bba4e9..703b9a9 100644
--- a/manifests/virtual/jabber.pp
+++ b/manifests/virtual/jabber.pp
@@ -15,7 +15,7 @@ class firewall::virtual::jabber($destination, $zone = 'fw') {
destination => "$zone:$destination:5223",
proto => 'tcp',
destinationport => '5223',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2201,
}
@@ -36,7 +36,7 @@ class firewall::virtual::jabber($destination, $zone = 'fw') {
destination => "$zone:$destination:4369",
proto => 'tcp',
destinationport => '4369',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2203,
}
@@ -47,7 +47,7 @@ class firewall::virtual::jabber($destination, $zone = 'fw') {
destination => "$zone:$destination:4370",
proto => 'tcp',
destinationport => '4370:4375',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2204,
}
diff --git a/manifests/virtual/mail.pp b/manifests/virtual/mail.pp
index 75eec5f..c16f898 100644
--- a/manifests/virtual/mail.pp
+++ b/manifests/virtual/mail.pp
@@ -5,7 +5,7 @@ class firewall::virtual::mail($destination) {
destination => "fw:$destination:25",
proto => 'tcp',
destinationport => '25',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 1000,
}
@@ -16,7 +16,7 @@ class firewall::virtual::mail($destination) {
destination => "vm:$destination:25",
proto => 'tcp',
destinationport => '25',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 1001,
}
@@ -27,8 +27,8 @@ class firewall::virtual::mail($destination) {
destination => "fw:$destination:993",
proto => 'tcp',
destinationport => '993',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
order => 1002,
}
@@ -38,8 +38,8 @@ class firewall::virtual::mail($destination) {
destination => "vm:$destination:993",
proto => 'tcp',
destinationport => '993',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
order => 1003,
}
@@ -49,8 +49,8 @@ class firewall::virtual::mail($destination) {
destination => "fw:$destination:587",
proto => 'tcp',
destinationport => '587',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
order => 1004,
}
@@ -60,8 +60,8 @@ class firewall::virtual::mail($destination) {
destination => "vm:$destination:587",
proto => 'tcp',
destinationport => '587',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
+ ratelimit => lookup("firewall::ssl_ratelimit", undef, undef, '-'),
order => 1005,
}
}
diff --git a/manifests/virtual/mumble.pp b/manifests/virtual/mumble.pp
index 45ab393..b523dca 100644
--- a/manifests/virtual/mumble.pp
+++ b/manifests/virtual/mumble.pp
@@ -15,7 +15,7 @@ class firewall::virtual::mumble($destination, $zone = 'fw') {
destination => "$zone:$destination:64738",
proto => 'udp',
destinationport => '64738',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2301,
}
diff --git a/manifests/virtual/munin.pp b/manifests/virtual/munin.pp
index b8bfce1..79514c6 100644
--- a/manifests/virtual/munin.pp
+++ b/manifests/virtual/munin.pp
@@ -21,7 +21,7 @@ define firewall::virtual::munin($destination, $port_orig, $port_dest = '', $orde
},
proto => 'tcp',
destinationport => "$port_orig",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => $order,
}
diff --git a/manifests/virtual/ssh.pp b/manifests/virtual/ssh.pp
index 4832b58..7ad93fc 100644
--- a/manifests/virtual/ssh.pp
+++ b/manifests/virtual/ssh.pp
@@ -21,7 +21,7 @@ define firewall::virtual::ssh($destination, $port_orig = '22', $port_dest = '',
},
proto => 'tcp',
destinationport => "$port_orig",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => "2$port_orig",
}
diff --git a/manifests/virtual/tor.pp b/manifests/virtual/tor.pp
index f4a1cb6..7cca6d6 100644
--- a/manifests/virtual/tor.pp
+++ b/manifests/virtual/tor.pp
@@ -15,7 +15,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
destination => "fw:$destination:9000",
proto => 'tcp',
destinationport => '9000',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2101,
}
@@ -36,7 +36,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
destination => "fw:$destination:9001",
proto => 'tcp',
destinationport => '9001',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2103,
}
@@ -57,7 +57,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
destination => "fw:$destination:9100",
proto => 'tcp',
destinationport => '9100',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2105,
}
@@ -78,7 +78,7 @@ class firewall::virtual::tor($destination, $zone = 'vm') {
destination => "fw:$destination:9101",
proto => 'tcp',
destinationport => '9101',
- originaldest => hiera('firewall::external_ip', $::ipaddress),
+ originaldest => lookup('firewall::external_ip', undef, undef, $::ipaddress),
ratelimit => '-',
order => 2107,
}