Diffstat (limited to 'manifests/implementations/shorewall/local.pp')
-rw-r--r-- | manifests/implementations/shorewall/local.pp | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/manifests/implementations/shorewall/local.pp b/manifests/implementations/shorewall/local.pp
new file mode 100644
index 0000000..5a3ab63
--- /dev/null
+++ b/manifests/implementations/shorewall/local.pp
@@ -0,0 +1,47 @@
+class firewall::implementations::shorewall::local(
+ $network = lookup('firewall::local::network', undef, undef, '192.168.1.0/24'),
+ $interface = lookup('firewall::local::interface', undef, undef, 'eth0'),
+ $manage_host = lookup('firewall::local::manage_host', undef, undef, true),
+ $manage_interface = lookup('firewall::local::manage_iface', undef, undef, false)
+) {
+
+ if $manage_host {
+ shorewall::host { "$interface-loc":
+ name => "$interface:$network",
+ zone => 'loc',
+ options => '',
+ order => 3,
+ }
+ }
+
+ if $manage_interface {
+ shorewall::interface { "$interface":
+ zone => 'loc',
+ rfc1918 => true,
+ dhcp => true,
+ options => 'routeback',
+ }
+ }
+
+ shorewall::policy { 'loc-all':
+ sourcezone => 'loc',
+ destinationzone => 'all',
+ policy => 'ACCEPT',
+ order => 5,
+ }
+
+ shorewall::policy { 'vm-loc':
+ sourcezone => 'vm',
+ destinationzone => 'loc',
+ policy => 'ACCEPT',
+ order => 6,
+ }
+
+ shorewall::policy { 'fw-loc':
+ sourcezone => '$FW',
+ destinationzone => 'loc',
+ policy => 'ACCEPT',
+ order => 7,
+ }
+
+}
 |
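Review bot: The `loc-all` policy accepts everything from `loc` to `all`, and because `$manage_host` defaults to true with a guessed `$network` of `192.168.1.0/24` on `eth0`, a node that includes this class without any Hiera data places that whole range in the trusted zone. In Shorewall `all` normally includes the firewall zone as well, so those hosts would also reach every service on the firewall host itself; that is worth confirming against the shorewall module in use. I would make the trust opt-in, for example `$manage_host = lookup('firewall::local::manage_host', undef, undef, false)`, or drop the default for `$network` so it has to be set explicitly. The three ACCEPT policies also deserve a header comment stating that they are intentional and which zones they open. Separately, the interpolations `"$interface-loc"` and `"$interface:$network"` are easier to read and less fragile as `"${interface}-loc"` and `"${interface}:${network}"`.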