authorSilvio Rhatto <rhatto@riseup.net>2011-08-11 15:28:56 -0300
committerSilvio Rhatto <rhatto@riseup.net>2011-08-11 15:28:56 -0300
commit5f478e91625da72d244360ea24d0ad7ad3283a93 (patch)
tree4ac63a77af1679f30f83ee11b9095b0d605fb150 /manifests/subsystems/firewall
parent5a635784572610d8b155ce9d907bbbf3d245cf8d (diff)
downloadpuppet-nodo-5f478e91625da72d244360ea24d0ad7ad3283a93.tar.gz
puppet-nodo-5f478e91625da72d244360ea24d0ad7ad3283a93.tar.bz2
Adding firewall::local
Diffstat (limited to 'manifests/subsystems/firewall')
-rw-r--r--manifests/subsystems/firewall/local.pp46
1 files changed, 46 insertions, 0 deletions
diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp
new file mode 100644
index 0000000..71c21cd
--- /dev/null
+++ b/manifests/subsystems/firewall/local.pp
@@ -0,0 +1,46 @@
+class firewall::local($network = '192.168.1.0/24', $interface = 'eth0', $manage_host = true, $manage_interface = false) {
+
+ if $manage_host {
+ shorewall::host { "$interface-loc":
+ name => "$interface:$network",
+ zone => 'loc',
+ options => '',
+ order => '3',
+ }
+ }
+
+ if $manage_interface {
+ shorewall::interface { $interface:
+ zone => 'loc',
+ rfc1918 => true,
+ dhcp => true,
+ options => 'routeback',
+ }
+ }
+
+ shorewall::policy { 'loc-all':
+ sourcezone => 'loc',
+ destinationzone => 'all',
+ policy => 'ACCEPT',
+ order => '5',
+ }
+
+ shorewall::policy { 'vm-loc':
+ sourcezone => 'vm',
+ destinationzone => 'loc',
+ policy => 'ACCEPT',
+ order => '6',
+ }
+
+ shorewall::policy { 'fw-loc':
+ sourcezone => '$FW',
+ destinationzone => 'loc',
+ policy => 'ACCEPT',
+ order => '7',
+ }
+
+ shorewall::zone { 'loc':
+ type => 'ipv4',
+ order => '4',
+ }
+}
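Review bot: The `loc-all` policy sets `policy => 'ACCEPT'` from `loc` to `all`, which in Shorewall also covers the firewall zone itself, so every host in the default `192.168.1.0/24` can reach any service on the firewall and in every other zone unless a rule elsewhere restricts it. If the intent is only outbound access for the LAN, narrow the destination (for example `destinationzone => 'net',`, assuming such a zone exists on these nodes) and open firewall services with explicit rules; otherwise add a comment above the resource saying that full trust of `loc` is deliberate. The same applies to `vm-loc`, which also depends on a `vm` zone that this class does not declare, so the class presumably yields a valid Shorewall configuration only on nodes that define that zone elsewhere. As a style point, `"$interface-loc"` and `"$interface:$network"` are safer written as `"${interface}-loc"` and `"${interface}:${network}"`, since some Puppet versions can read a hyphen after an unbraced variable as part of the variable name.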