Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/init.pp | 93 |
1 files changed, 48 insertions, 45 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index e12b374..1734c3f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -15,6 +15,34 @@ class firewall(
 default => false,
 }
 
+ $real_subnet_device = $vm_device ? {
+ false => $device,
+ default => $vm_device,
+ }
+
+ $real_masq_interface = $vm_device ? {
+ false => "${device}:!${vm_address}",
+ default => "${device}",
+ }
+
+ #
+ # Zones
+ #
+ shorewall::zone { 'vm':
+ type => 'ipv4',
+ order => '2',
+ }
+
+ shorewall::zone { 'net':
+ type => 'ipv4',
+ order => '3',
+ }
+
+ shorewall::zone { 'loc':
+ type => 'ipv4',
+ order => 4,
+ }
+
 #
 # Interfaces
 #
@@ -33,6 +61,25 @@ class firewall(
 }
 
 #
+ # Hosts
+ #
+ shorewall::host { "${real_subnet_device}-subnet":
+ name => "${real_subnet_device}:${vm_address}",
+ zone => 'vm',
+ options => '',
+ order => '1',
+ }
+
+ if $zone == '-' {
+ shorewall::host { "${device}":
+ name => "${device}:0.0.0.0/0",
+ zone => 'net',
+ options => '',
+ order => '2',
+ }
+ }
+
+ #
 # Policy
 #
 shorewall::policy { 'vm-net':
@@ -80,34 +127,8 @@ class firewall(
 }
 
 #
- # Hosts
+ # Masq
 #
- $real_subnet_device = $vm_device ? {
- false => $device,
- default => $vm_device,
- }
-
- shorewall::host { "${real_subnet_device}-subnet":
- name => "${real_subnet_device}:${vm_address}",
- zone => 'vm',
- options => '',
- order => '1',
- }
-
- if $zone == '-' {
- shorewall::host { "${device}":
- name => "${device}:0.0.0.0/0",
- zone => 'net',
- options => '',
- order => '2',
- }
- }
-
- $real_masq_interface = $vm_device ? {
- false => "${device}:!${vm_address}",
- default => "${device}",
- }
-
 shorewall::masq { "${device}":
 interface => "${real_masq_interface}",
 source => "${vm_address}",
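Review bot: The three zone resources in the first hunk write `order` inconsistently — `'2'` and `'3'` are quoted strings while `loc` gets the bare integer `4` — and the `$real_masq_interface` selector wraps a lone variable in double quotes (`default => "${device}",`) where the sibling `$real_subnet_device` selector uses bare `$device`. Both are style only, but they are exactly what puppet-lint flags and they make the moved block look like two authors' work; I would settle on `order => '4',` and `default => $device,` so every zone and selector reads the same way. The class header and the selector that precedes `$real_subnet_device` are outside the hunk, so I have not checked what `$vm_device` is declared as.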
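Review bot: In the second hunk, when `$vm_device` is false the two hosts entries land on the same interface — `${device}:${vm_address}` in zone `vm` and, under `$zone == '-'`, `${device}:0.0.0.0/0` in zone `net` — so the VM subnet is a member of both candidate zones and which policy governs it depends entirely on which entry Shorewall honours first; nothing in the hunk says so. As far as I recall Shorewall takes the sub-zone listed first (here `vm` has zone order 2 and host order '1', `net` 3 and '2'), which is consistent, but it is the kind of invariant that is silently broken by a later reorder and the consequence is VM traffic policed under the `net` policies. I would put the dependency in writing above the `net` host: `# Catch-all for $device: overlaps the vm subnet above, so vm must stay ordered before net (zone 2<3, host 1<2) or VM traffic is classed as net.` `$zone`, `$device` and `$vm_address` are class parameters declared before this hunk, so their defaults and whether `$zone == '-'` is the only case that needs the catch-all are not visible here.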
@@ -174,24 +195,6 @@ class firewall(
 order => 104,
 }
 
- #
- # Zones
- #
- shorewall::zone { 'vm':
- type => 'ipv4',
- order => '2',
- }
-
- shorewall::zone { 'net':
- type => 'ipv4',
- order => '3',
- }
-
- shorewall::zone { 'loc':
- type => 'ipv4',
- order => 4,
- }
-
 if $local_net == true {
 class { "firewall::local": }
 }
|