1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
class firewall::shaping(
$device = hiera('firewall::device', 'eth0'),
$in_bandwidth = hiera('firewall::in_bandwidth', '1000mbps'),
$out_bandwidth = hiera('firewall::out_bandwidth', '1000mbps')
) {
#
# Traffic shaping
#
shorewall::tcdevices { "${device}":
in_bandwidth => "$in_bandwidth",
out_bandwidth => "$out_bandwidth",
}
shorewall::tcrules { "ssh-tcp":
order => "1",
source => "0.0.0.0/0",
destination => "0.0.0.0/0",
protocol => "tcp",
ports => "22",
}
shorewall::tcrules { "ssh-udp":
order => "1",
source => "0.0.0.0/0",
destination => "0.0.0.0/0",
protocol => "udp",
ports => "22",
}
shorewall::tcclasses { "ssh":
order => "1",
interface => "${device}",
rate => "4*full/100",
ceil => "full",
priority => "1",
}
shorewall::tcclasses { "default":
order => "2",
interface => "${device}",
rate => "6*full/100",
ceil => "full",
priority => "2",
options => "default",
}
}
|
