Diffstat (limited to 'manifests/nas.pp')
-rw-r--r--manifests/nas.pp217
1 files changed, 26 insertions, 191 deletions
diff --git a/manifests/nas.pp b/manifests/nas.pp
index 8857cad..94b4470 100644
--- a/manifests/nas.pp
+++ b/manifests/nas.pp
@@ -1,196 +1,31 @@
class firewall::nas(
- $ftp = false,
- $tftp = false,
- $http = false,
- $nfsd = false,
- $rsync = false,
- $printer = false,
- $torrent = false,
- $mpd = false,
- $samba = false,
- $dlna = false,
- $daap = false,
- $avahi = false
+ $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'),
+ $ftp = false,
+ $tftp = false,
+ $http = false,
+ $nfsd = false,
+ $rsync = false,
+ $printer = false,
+ $torrent = false,
+ $mpd = false,
+ $samba = false,
+ $dlna = false,
+ $daap = false,
+ $avahi = false
) {
- if $ftp == true {
- include shorewall::rules::ftp
- }
-
- if $tftp == true {
- include shorewall::rules::tftp
- }
-
- if $http == true {
- include shorewall::rules::http
- }
-
- if $nfsd == true {
- include shorewall::rules::nfsd
-
- # Additional ports needed by NFS
- # Got using rpcinfo -p and netstat -ap
- shorewall::rule { 'nfs-1':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '35150,43902,46661,46661,46661,50340,54814,57170,58403,59780',
- ratelimit => '-',
- order => 100,
- }
-
- shorewall::rule { 'nfs-2':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '938,38511,43195,53081,53081,53081,38521,45238,52664,52400,60331',
- ratelimit => '-',
- order => 100,
- }
- }
-
- if $rsync == true {
- include shorewall::rules::rsync
- }
-
- if $printer == true {
- include firewall::printer
- }
-
- if $torrent == true {
- include firewall::torrent
- }
-
- if $mpd == true {
- include firewall::mpd
- }
-
- if $samba == true {
- # See http://www.shorewall.net/samba.htm
- shorewall::rule { 'samba':
- action => 'SMB/ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => '-',
- destinationport => '-',
- ratelimit => '-',
- order => 100,
- }
-
- shorewall::rule { 'netbios-1':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '137,138,139',
- ratelimit => '-',
- order => 100,
- }
-
- shorewall::rule { 'netbios-2':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '137,138,139',
- ratelimit => '-',
- order => 100,
- }
- }
-
- if $dlna == true {
- # DLNA
- #
- # https://wiki.archlinux.org/index.php/MiniDLNA
- # http://netpatia.blogspot.co.uk/2011/03/setup-your-own-dlna-server.html
- # http://wiki.alpinelinux.org/wiki/IPTV_How_To
- # http://mediatomb.cc/dokuwiki/faq:faq
- # http://packages.debian.org/wheezy/djmount
- # http://packages.debian.org/wheezy/gupnp-tools
- #
- # Optional:
- #
- # http://www.shorewall.net/UPnP.html
- #
- # linux-igd package
- # /etc/default/linux-igd
- # /etc/upnpd.conf
-
- shorewall::rule { "dlna-1":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp,udp',
- destinationport => "1900",
- ratelimit => '-',
- order => 102,
- }
-
- shorewall::rule { "dlna-2":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp,udp',
- destinationport => "8200",
- ratelimit => '-',
- order => 103,
- }
-
- shorewall::rule { "dlna-3":
- action => 'allowinUPnP',
- source => 'net',
- destination => '$FW',
- order => 104,
- }
-
- shorewall::rule { "dlna-4":
- action => 'forwardUPnP',
- source => 'net',
- destination => '$FW',
- order => 105,
- }
-
- # Enable multicast
- augeas { 'enable_multicast':
- changes => 'set /files/etc/shorewall/shorewall.conf/MULTICAST Yes',
- lens => 'Shellvars.lns',
- incl => '/etc/shorewall/shorewall.conf',
- notify => Service[shorewall];
- }
- }
-
- if $daap == true {
- # DAAP
- shorewall::rule { 'daap-1':
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '3689',
- order => 300,
- action => 'ACCEPT';
- }
-
- shorewall::rule { 'daap-2':
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '3689',
- order => 301,
- action => 'ACCEPT';
- }
- }
-
- if $avahi == true {
- # Avahi/mDNS
- shorewall::rule { 'mdns':
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '5353',
- order => 400,
- action => 'ACCEPT';
- }
+ class { "firewall::implementations::${implementation}::nas":
+ ftp => $ftp,
+ tftp => $tftp,
+ http => $http,
+ nfsd => $nfsd,
+ rsync => $rsync,
+ printer => $printer,
+ torrent => $torrent,
+ mpd => $mpd,
+ samba => $samba,
+ dlna => $dlna,
+ daap => $daap,
+ avahi => $avahi,
}
}
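Review bot: The new `$implementation` parameter is untyped and is interpolated straight into the class name `firewall::implementations::${implementation}::nas`, so a mistyped or unexpected value of the `firewall::implementation` hiera key surfaces only as a generic "could not find class" compile error rather than pointing at the data key. Since the manifest already depends on Puppet 4+ `lookup()`, constraining it with a data type gives a direct failure message at the parameter: `Enum['shorewall'] $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'),` (extending the enum as further implementation classes are added). The twelve feature flags are forwarded as-is, so typing them as `Boolean $ftp = false` and so on would reject string values such as `'false'` coming from data instead of passing them on to the implementation class. The implementation class is outside this diff, so whether it accepts all twelve parameters is assumed here.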