author | Silvio Rhatto <rhatto@riseup.net> | 2010-02-20 14:29:56 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2010-02-20 14:29:56 -0200 |
commit | b9f8f6df802838dbd9dc9736e7e888f51d0f8fb8 (patch) | |
tree | 2c7cb9e00ab6d028d26d48ed0e0772c54604ebaf /manifests/init.pp | |
parent | 78fe56d3eefd7ba5e1dd3f63ff9dd54e5ab39580 (diff) | |
download | puppet-nodo-b9f8f6df802838dbd9dc9736e7e888f51d0f8fb8.tar.gz puppet-nodo-b9f8f6df802838dbd9dc9736e7e888f51d0f8fb8.tar.bz2 |
Changing firewall rules for munin and gitd
Diffstat (limited to 'manifests/init.pp')
-rw-r--r-- | manifests/init.pp | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index ec61a5b..5b7dea1 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -280,6 +280,17 @@ class nodo::vserver inherits nodo {
 order => "4$id",
 }
+ shorewall::rule { "munin-$context":
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:192.168.0.$context:49$id",
+ proto => 'tcp',
+ destinationport => "49$id",
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => "5$id",
+ }
+
 if $proxy {
 shorewall::rule { 'http-route-1':
 action => 'DNAT',
@@ -288,7 +299,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '80',
 ratelimit => '-',
- order => '500',
+ order => '600',
 }
 shorewall::rule { 'http-route-2':
@@ -299,7 +310,7 @@ class nodo::vserver inherits nodo {
 destinationport => '80',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '501',
+ order => '601',
 }
 shorewall::rule { 'https-route-1':
@@ -309,7 +320,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '443',
 ratelimit => '-',
- order => '502',
+ order => '602',
 }
 shorewall::rule { 'https-route-2':
@@ -320,7 +331,7 @@ class nodo::vserver inherits nodo {
 destinationport => '443',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '502',
+ order => '602',
 }
 }
@@ -332,7 +343,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '8140',
 ratelimit => '-',
- order => '600',
+ order => '700',
 }
 shorewall::rule { 'puppetmaster-2':
@@ -342,7 +353,7 @@ class nodo::vserver inherits nodo {
 proto => 'udp',
 destinationport => '8140',
 ratelimit => '-',
- order => '601',
+ order => '701',
 }
 shorewall::rule { 'puppetmaster-3':
@@ -353,7 +364,7 @@ class nodo::vserver inherits nodo {
 destinationport => '8140',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '602',
+ order => '702',
 }
 shorewall::rule { 'puppetmaster-4':
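Review bot: The new `munin-$context` rule builds both its port and its ordering key by string concatenation (`destinationport => "49$id"`, `order => "5$id"`), and nothing visible in this hunk bounds `$id`. If `$id` is ever not exactly two digits, the forwarded port leaves the intended 49xx range (or stops being a valid port) and `"5$id"` no longer sorts between the `4$id` and `6xx` groups this commit is making room for. Where `$id` is defined is outside the hunk, so this may already be enforced elsewhere; if not, a validation step or at least a comment such as `# $id must be two digits: munin-node of each vserver is reached from the host on port 49<id>` would record the assumption. It would also help to state in that comment that `source => '$FW'` is deliberate, so the port is only reachable from the host itself.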
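Review bot: `https-route-1` and `https-route-2` both end up with `order => '602'` (the hunks at +320 and +331), carrying the old duplicated `'502'` forward, while the http pair gets `'600'`/`'601'` and the puppetmaster rules get `'700'` through `'703'`. Whether equal order values are tolerated depends on how `shorewall::rule` assembles its fragments, which is not shown here, so the relative position of the two https rules may be left to name sorting. Since the renumbering touches these lines anyway, `order => '603',` on `https-route-2` would make the sequence explicit.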
@@ -364,7 +375,7 @@ class nodo::vserver inherits nodo {
 destinationport => '8140',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '603',
+ order => '703',
 }
 }
@@ -376,17 +387,18 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '9418',
 ratelimit => '-',
- order => '700',
+ order => '800',
 }
 shorewall::rule { 'git-daemon-2':
 action => 'DNAT',
 source => '$FW',
- destination => "vm:192.168.0.$context:9418",
+ destination => "fw:192.168.0.$context:9418",
 proto => 'tcp',
 destinationport => '9418',
+ originaldest => "$ipaddress",
 ratelimit => '-',
- order => '701',
+ order => '801',
 }
 }
@@ -398,17 +410,18 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '8000',
 ratelimit => '-',
- order => '900',
+ order => '900',
 }
 shorewall::rule { 'icecast-2':
 action => 'DNAT',
 source => '$FW',
- destination => "vm:192.168.0.$context:8000",
+ destination => "fw:192.168.0.$context:8000",
 proto => 'tcp',
 destinationport => '8000',
+ originaldest => "$ipaddress",
 ratelimit => '-',
- order => '801',
+ order => '901',
 }
 }
 } |
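Review bot: The `destination` zone of `git-daemon-2` changes from `vm:` to `fw:` (and the same change is made to `icecast-2` in the following hunk), which moves the redirected traffic under a different zone policy, yet no comment records why and the commit message does not mention icecast at all. The `destination` lines of `git-daemon-1` and `icecast-1` lie outside these hunks, so it cannot be confirmed from here whether each pair now targets the same zone or is split between `vm` and `fw`. The added `originaldest => "$ipaddress"` narrows the redirect to connections addressed to the public IP, which is the safer form. A short comment above each `-2` rule stating the intended path, for example `# host-originated connections to $ipaddress are redirected to the vserver address within the fw zone` (if that is indeed the intent), would let the next reviewer check the rule against the zone policy.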