diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2011-08-10 21:03:23 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2011-08-10 21:03:23 -0300 |
commit | 828e66eb22a5c3f211aa2402e49c6c9ac87b3dea (patch) | |
tree | 9e1ff2c5f69ee31ea33a0bbf1fad9eee775d232d | |
parent | 340802efc48214bc84747cbcb1324d15fce9386d (diff) | |
download | puppet-nodo-828e66eb22a5c3f211aa2402e49c6c9ac87b3dea.tar.gz puppet-nodo-828e66eb22a5c3f211aa2402e49c6c9ac87b3dea.tar.bz2 |
Using loc instead of dmz
-rw-r--r-- | manifests/subsystems/firewall.pp | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp index ae0241e..4151d06 100644 --- a/manifests/subsystems/firewall.pp +++ b/manifests/subsystems/firewall.pp @@ -2,7 +2,7 @@ class firewall { include shorewall - $rfc1918 = $shorewall_dmz ? { + $rfc1918 = $shorewall_local_net ? { true => true, false => false, default => false, @@ -202,46 +202,46 @@ class firewall { # # DMZ Configuration # - if $shorewall_dmz { - $shorewall_dmz_iface = $shorewall_dmz_iface ? { + if $shorewall_local_net { + $shorewall_local_net_iface = $shorewall_local_net_iface ? { '' => 'eth0', - default => $shorewall_dmz_iface, + default => $shorewall_local_net_iface, } - $shorewall_dmz_network = $shorewall_dmz_network ? { + $shorewall_local_net_network = $shorewall_local_net_network ? { '' => '192.168.1.0/24', - default => $shorewall_dmz_network, + default => $shorewall_local_net_network, } - shorewall::host { "$shorewall_dmz_iface-dmz": - name => "$shorewall_dmz_iface:$shorewall_dmz_network", - zone => 'dmz', + shorewall::host { "$shorewall_local_net_iface-loc": + name => "$shorewall_local_net_iface:$shorewall_local_net_network", + zone => 'loc', options => '', order => '3', } - shorewall::policy { 'dmz-all': - sourcezone => 'dmz', + shorewall::policy { 'loc-all': + sourcezone => 'loc', destinationzone => 'all', policy => 'ACCEPT', order => '5', } - shorewall::policy { 'vm-dmz': + shorewall::policy { 'vm-loc': sourcezone => 'vm', - destinationzone => 'dmz', + destinationzone => 'loc', policy => 'ACCEPT', order => '6', } - shorewall::policy { 'fw-dmz': + shorewall::policy { 'fw-loc': sourcezone => '$FW', - destinationzone => 'dmz', + destinationzone => 'loc', policy => 'ACCEPT', order => '7', } - shorewall::zone { 'dmz': + shorewall::zone { 'loc': type => 'ipv4', order => '4', } @@ -249,7 +249,7 @@ class firewall { } class firewall::wifi { - $rfc1918 = $shorewall_dmz ? { + $rfc1918 = $shorewall_local_net ? { true => true, false => false, default => false, |