diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2013-04-12 17:09:03 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2013-04-12 17:09:03 -0300 |
commit | fe1c86b8f938283e9dd8196a8b11a9648f4b49e6 (patch) | |
tree | c2d999eca03862a3e4af57e0885397adf6bbc6ec /manifests/role/router.pp | |
parent | ec5c750d12bdc7948bb3c04f0c72817718a0bf47 (diff) | |
download | puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.gz puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.bz2 |
Major refactor
Diffstat (limited to 'manifests/role/router.pp')
-rw-r--r-- | manifests/role/router.pp | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/manifests/role/router.pp b/manifests/role/router.pp new file mode 100644 index 0000000..068837d --- /dev/null +++ b/manifests/role/router.pp @@ -0,0 +1,25 @@ +class nodo::role::router inherits nodo::appliance { + # We use monitor class on the router as the DNS server might by + # inside a vserver and thus cannot access the network devices directly + include nodo::utils::dns + + # Network auditing + include nodo::utils::network::analyzer + + # Enable IP forwarding + augeas { 'enable_ip_forwarding': + changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING On', + lens => 'Shellvars.lns', + incl => '/etc/shorewall/shorewall.conf', + notify => Service[shorewall]; + } + + # Make sure shorewall is reloaded after dhcp renew + file { '/etc/dhcp/dhclient-exit-hooks.d/shorewall': + ensure => present, + owner => root, + group => root, + mode => 0644, + source => 'puppet:///modules/site_nodo/dhclient-exit-hooks.d/shorewall' + } +} |