Diffstat (limited to 'manifests/nas.pp')
-rw-r--r-- | manifests/nas.pp | 217 |
1 files changed, 26 insertions, 191 deletions
diff --git a/manifests/nas.pp b/manifests/nas.pp
index 8857cad..94b4470 100644
--- a/manifests/nas.pp
+++ b/manifests/nas.pp
@@ -1,196 +1,31 @@
 class firewall::nas(
- $ftp = false,
- $tftp = false,
- $http = false,
- $nfsd = false,
- $rsync = false,
- $printer = false,
- $torrent = false,
- $mpd = false,
- $samba = false,
- $dlna = false,
- $daap = false,
- $avahi = false
+ $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'),
+ $ftp = false,
+ $tftp = false,
+ $http = false,
+ $nfsd = false,
+ $rsync = false,
+ $printer = false,
+ $torrent = false,
+ $mpd = false,
+ $samba = false,
+ $dlna = false,
+ $daap = false,
+ $avahi = false
 ) {
- if $ftp == true {
- include shorewall::rules::ftp
- }
-
- if $tftp == true {
- include shorewall::rules::tftp
- }
-
- if $http == true {
- include shorewall::rules::http
- }
-
- if $nfsd == true {
- include shorewall::rules::nfsd
-
- # Additional ports needed by NFS
- # Got using rpcinfo -p and netstat -ap
- shorewall::rule { 'nfs-1':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '35150,43902,46661,46661,46661,50340,54814,57170,58403,59780',
- ratelimit => '-',
- order => 100,
- }
-
- shorewall::rule { 'nfs-2':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '938,38511,43195,53081,53081,53081,38521,45238,52664,52400,60331',
- ratelimit => '-',
- order => 100,
- }
- }
-
- if $rsync == true {
- include shorewall::rules::rsync
- }
-
- if $printer == true {
- include firewall::printer
- }
-
- if $torrent == true {
- include firewall::torrent
- }
-
- if $mpd == true {
- include firewall::mpd
- }
-
- if $samba == true {
- # See http://www.shorewall.net/samba.htm
- shorewall::rule { 'samba':
- action => 'SMB/ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => '-',
- destinationport => '-',
- ratelimit => '-',
- order => 100,
- }
-
- shorewall::rule { 'netbios-1':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '137,138,139',
- ratelimit => '-',
- order => 100,
- }
-
- shorewall::rule { 'netbios-2':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '137,138,139',
- ratelimit => '-',
- order => 100,
- }
- }
-
- if $dlna == true {
- # DLNA
- #
- # https://wiki.archlinux.org/index.php/MiniDLNA
- # http://netpatia.blogspot.co.uk/2011/03/setup-your-own-dlna-server.html
- # http://wiki.alpinelinux.org/wiki/IPTV_How_To
- # http://mediatomb.cc/dokuwiki/faq:faq
- # http://packages.debian.org/wheezy/djmount
- # http://packages.debian.org/wheezy/gupnp-tools
- #
- # Optional:
- #
- # http://www.shorewall.net/UPnP.html
- #
- # linux-igd package
- # /etc/default/linux-igd
- # /etc/upnpd.conf
-
- shorewall::rule { "dlna-1":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp,udp',
- destinationport => "1900",
- ratelimit => '-',
- order => 102,
- }
-
- shorewall::rule { "dlna-2":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp,udp',
- destinationport => "8200",
- ratelimit => '-',
- order => 103,
- }
-
- shorewall::rule { "dlna-3":
- action => 'allowinUPnP',
- source => 'net',
- destination => '$FW',
- order => 104,
- }
-
- shorewall::rule { "dlna-4":
- action => 'forwardUPnP',
- source => 'net',
- destination => '$FW',
- order => 105,
- }
-
- # Enable multicast
- augeas { 'enable_multicast':
- changes => 'set /files/etc/shorewall/shorewall.conf/MULTICAST Yes',
- lens => 'Shellvars.lns',
- incl => '/etc/shorewall/shorewall.conf',
- notify => Service[shorewall];
- }
- }
-
- if $daap == true {
- # DAAP
- shorewall::rule { 'daap-1':
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '3689',
- order => 300,
- action => 'ACCEPT';
- }
-
- shorewall::rule { 'daap-2':
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '3689',
- order => 301,
- action => 'ACCEPT';
- }
- }
-
- if $avahi == true {
- # Avahi/mDNS
- shorewall::rule { 'mdns':
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '5353',
- order => 400,
- action => 'ACCEPT';
- }
+ class { "firewall::implementations::${implementation}::nas":
+ ftp => $ftp,
+ tftp => $tftp,
+ http => $http,
+ nfsd => $nfsd,
+ rsync => $rsync,
+ printer => $printer,
+ torrent => $torrent,
+ mpd => $mpd,
+ samba => $samba,
+ dlna => $dlna,
+ daap => $daap,
+ avahi => $avahi,
 }
 } |
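Review bot: `$implementation` is interpolated into the class name `"firewall::implementations::${implementation}::nas"` with no type or value check, so whatever Hiera returns for `firewall::implementation` decides which class is declared. Constraining the parameter, e.g. `Enum['shorewall'] $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'),` extended with the other supported back ends (not visible in this diff), would turn a typo or an unexpected value into a clear type error at compile time. The twelve service flags are also untyped and are now passed straight through, whereas the removed code only acted on `== true`. Declaring them as `Boolean $ftp = false,` and so on would keep a string such as `'false'` from reaching the implementation class, whose handling of these flags is not visible here and may treat it as a request to open ports. A one-line comment above the `class { ... }` declaration saying that all rule definitions now live in the per-implementation class would also help readers find the NFS, Samba and DLNA port lists this commit removes.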