authorSilvio Rhatto <rhatto@riseup.net>2011-08-15 22:59:22 -0300
committerSilvio Rhatto <rhatto@riseup.net>2011-08-15 22:59:22 -0300
commitef568946ba793b93b0f60810b04227f3c7542947 (patch)
tree31270a6afafe0391d24a11fff294575c57a51cb9
parent0d9fc5dfd7a4263fa6d346c42ac41bff26666783 (diff)
downloadpuppet-nodo-ef568946ba793b93b0f60810b04227f3c7542947.tar.gz
puppet-nodo-ef568946ba793b93b0f60810b04227f3c7542947.tar.bz2
Fixing firewall::router::ssh
-rw-r--r--manifests/subsystems/firewall/router.pp4
-rw-r--r--manifests/subsystems/firewall/vserver.pp50
2 files changed, 27 insertions, 27 deletions
diff --git a/manifests/subsystems/firewall/router.pp b/manifests/subsystems/firewall/router.pp
index a349050..e5563a0 100644
--- a/manifests/subsystems/firewall/router.pp
+++ b/manifests/subsystems/firewall/router.pp
@@ -239,8 +239,8 @@ define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $
action => 'DNAT',
source => '$FW',
destination => $port_dest ? {
- '' => "fw:$destination",
- default => "fw:$destination:$port_dest",
+ '' => "$zone:$destination",
+ default => "$zone:$destination:$port_dest",
},
proto => 'tcp',
destinationport => "$port_orig",
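Review bot: `$zone` is now interpolated into both arms of the `destination` selector, but the parameter list of `firewall::router::ssh` is cut off in the hunk header, so it is not visible here whether the define declares `$zone` with a default. If it does not, the variable is empty or is picked up from an enclosing scope, and the DNAT target is rendered as `:$destination` or with an unrelated zone. It is worth confirming that the signature carries a `$zone` parameter with an explicit default before relying on this rule. The define's body starts and ends outside the hunk.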
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 7b09d96..8273c47 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -44,11 +44,11 @@ class firewall::vserver::https($destination, $zone = 'vm') {
}
}
-class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141') {
+class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141', $zone = 'fw') {
shorewall::rule { 'puppetmaster-1':
action => 'DNAT',
source => 'net',
- destination => "fw:$destination:$puppetmaster_port",
+ destination => "$zone:$destination:$puppetmaster_port",
proto => 'tcp',
destinationport => "$puppetmaster_port",
ratelimit => '-',
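Review bot: `$zone` reaches the `destination` column of `puppetmaster-1` unchecked, and that column is colon-delimited (`zone:address:port`), so an empty value or one containing `:` shifts the fields and the DNAT rule can point at a different host or port than `$destination:$puppetmaster_port`. A guard at the top of the class would make a bad value fail the catalog instead of reaching shorewall, e.g. `if $zone !~ /^[A-Za-z][A-Za-z0-9_]*$/ { fail("invalid shorewall zone: ${zone}") }`; the pattern is a suggestion and should be matched to the zone names this deployment defines. The same applies to the `$zone` parameters added to `gitd`, `icecast`, `mail` and `munin` in the later hunks. The class body continues outside this hunk.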
@@ -58,7 +58,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
shorewall::rule { 'puppetmaster-2':
action => 'DNAT',
source => 'net',
- destination => "fw:$destination:$puppetmaster_port",
+ destination => "$zone:$destination:$puppetmaster_port",
proto => 'udp',
destinationport => "$puppetmaster_port",
ratelimit => '-',
@@ -68,7 +68,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
shorewall::rule { 'puppetmaster-3':
action => 'DNAT',
source => '$FW',
- destination => "fw:$destination:$puppetmaster_port",
+ destination => "$zone:$destination:$puppetmaster_port",
proto => 'tcp',
destinationport => "$puppetmaster_port",
originaldest => "$ipaddress",
@@ -79,7 +79,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
shorewall::rule { 'puppetmaster-4':
action => 'DNAT',
source => '$FW',
- destination => "fw:$destination:$puppetmaster_port",
+ destination => "$zone:$destination:$puppetmaster_port",
proto => 'udp',
destinationport => "$puppetmaster_port",
originaldest => "$ipaddress",
@@ -90,7 +90,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
shorewall::rule { 'puppetmaster-5':
action => 'DNAT',
source => 'net',
- destination => "fw:$destination:$puppetmaster_nonssl_port",
+ destination => "$zone:$destination:$puppetmaster_nonssl_port",
proto => 'tcp',
destinationport => "$puppetmaster_nonssl_port",
ratelimit => '-',
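Review bot: `puppetmaster-5` forwards `$puppetmaster_nonssl_port` from `net` with `ratelimit => '-'`, and with `$zone` now configurable that exposure follows the service into whichever zone is passed in. The parameter name suggests this listener is not TLS-protected; if so, it is worth confirming that reaching it from `net` is intended, or narrowing `source` to the networks that need it. `puppetmaster-6` repeats the rule for udp. The resource body continues past the end of the hunk.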
@@ -100,7 +100,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
shorewall::rule { 'puppetmaster-6':
action => 'DNAT',
source => 'net',
- destination => "fw:$destination:$puppetmaster_nonssl_port",
+ destination => "$zone:$destination:$puppetmaster_nonssl_port",
proto => 'udp',
destinationport => "$puppetmaster_nonssl_port",
ratelimit => '-',
@@ -110,7 +110,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
shorewall::rule { 'puppetmaster-7':
action => 'DNAT',
source => '$FW',
- destination => "fw:$destination:$puppetmaster_nonssl_port",
+ destination => "$zone:$destination:$puppetmaster_nonssl_port",
proto => 'tcp',
destinationport => "$puppetmaster_nonssl_port",
originaldest => "$ipaddress",
@@ -121,7 +121,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
shorewall::rule { 'puppetmaster-8':
action => 'DNAT',
source => '$FW',
- destination => "fw:$destination:$puppetmaster_nonssl_port",
+ destination => "$zone:$destination:$puppetmaster_nonssl_port",
proto => 'udp',
destinationport => "$puppetmaster_nonssl_port",
originaldest => "$ipaddress",
@@ -130,11 +130,11 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
}
}
-class firewall::vserver::gitd($destination) {
+class firewall::vserver::gitd($destination, $zone = 'fw') {
shorewall::rule { 'git-daemon-1':
action => 'DNAT',
source => 'net',
- destination => "fw:$destination:9418",
+ destination => "$zone:$destination:9418",
proto => 'tcp',
destinationport => '9418',
ratelimit => '-',
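Review bot: The new `$zone = 'fw'` default on `firewall::vserver::gitd` is undocumented and differs from `firewall::vserver::https` in the same file, whose signature in the first hunk header of this file section defaults to `$zone = 'vm'`. `'fw'` keeps the previously hard-coded target, but a reader cannot tell from the manifest which default is right for a given guest. A comment above the class would settle it, for example `# $zone: shorewall zone that holds $destination; defaults to 'fw' to keep the former hard-coded behaviour` (wording to be confirmed by the author). The same comment fits `puppetmaster`, `icecast`, `mail` and `munin`.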
@@ -144,7 +144,7 @@ class firewall::vserver::gitd($destination) {
shorewall::rule { 'git-daemon-2':
action => 'DNAT',
source => '$FW',
- destination => "fw:$destination:9418",
+ destination => "$zone:$destination:9418",
proto => 'tcp',
destinationport => '9418',
originaldest => "$ipaddress",
@@ -153,11 +153,11 @@ class firewall::vserver::gitd($destination) {
}
}
-class firewall::vserver::icecast($destination) {
+class firewall::vserver::icecast($destination, $zone = 'fw') {
shorewall::rule { 'icecast-1':
action => 'DNAT',
source => 'net',
- destination => "fw:$destination:8000",
+ destination => "$zone:$destination:8000",
proto => 'tcp',
destinationport => '8000',
ratelimit => '-',
@@ -167,7 +167,7 @@ class firewall::vserver::icecast($destination) {
shorewall::rule { 'icecast-2':
action => 'DNAT',
source => '$FW',
- destination => "fw:$destination:8000",
+ destination => "$zone:$destination:8000",
proto => 'tcp',
destinationport => '8000',
originaldest => "$ipaddress",
@@ -176,11 +176,11 @@ class firewall::vserver::icecast($destination) {
}
}
-class firewall::vserver::mail($destination) {
+class firewall::vserver::mail($destination, $zone = 'fw') {
shorewall::rule { 'mail-1':
action => 'DNAT',
source => 'net',
- destination => "fw:$destination:25",
+ destination => "$zone:$destination:25",
proto => 'tcp',
destinationport => '25',
ratelimit => '-',
@@ -190,7 +190,7 @@ class firewall::vserver::mail($destination) {
shorewall::rule { 'mail-2':
action => 'DNAT',
source => '$FW',
- destination => "fw:$destination:25",
+ destination => "$zone:$destination:25",
proto => 'tcp',
destinationport => '25',
originaldest => "$ipaddress",
@@ -201,7 +201,7 @@ class firewall::vserver::mail($destination) {
shorewall::rule { 'mail-3':
action => 'DNAT',
source => 'net',
- destination => "fw:$destination:993",
+ destination => "$zone:$destination:993",
proto => 'tcp',
destinationport => '993',
ratelimit => '-',
@@ -211,7 +211,7 @@ class firewall::vserver::mail($destination) {
shorewall::rule { 'mail-4':
action => 'DNAT',
source => '$FW',
- destination => "fw:$destination:993",
+ destination => "$zone:$destination:993",
proto => 'tcp',
destinationport => '993',
originaldest => "$ipaddress",
@@ -249,13 +249,13 @@ define firewall::vserver::ssh($destination, $port_orig = '22', $port_dest = '',
}
}
-define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $order = '400') {
+define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $order = '400', $zone = 'fw') {
shorewall::rule { "munin-$name-1":
action => 'DNAT',
source => 'net',
destination => $port_dest ? {
- '' => "fw:$destination",
- default => "fw:$destination:$port_dest",
+ '' => "$zone:$destination",
+ default => "$zone:$destination:$port_dest",
},
proto => 'tcp',
destinationport => "$port_orig",
@@ -267,8 +267,8 @@ define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $orde
action => 'DNAT',
source => '$FW',
destination => $port_dest ? {
- '' => "fw:$destination",
- default => "fw:$destination:$port_dest",
+ '' => "$zone:$destination",
+ default => "$zone:$destination:$port_dest",
},
proto => 'tcp',
destinationport => "$port_orig",