author | Silvio Rhatto <rhatto@riseup.net> | 2012-04-15 18:05:24 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2012-04-15 18:05:24 -0300 |
commit | a4c8eac733cb03e850c0e6636c86538a701d04f9 (patch) | |
tree | 1a976984219b60285747e5166e401f63d7802436 /manifests/subsystems/firewall | |
parent | 5f92ef80004acf4e3cf9880c7d517cfdbbc1e61a (diff) | |
Adding firewall rules for mumble and jabber vservers
Diffstat (limited to 'manifests/subsystems/firewall')
-rw-r--r-- | manifests/subsystems/firewall/vserver.pp | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 92f7542..cef8748 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -375,3 +375,81 @@ class firewall::vserver::tor($destination, $zone = 'fw') {
 order => '2103',
 }
 }
+
+class firewall::vserver::jabber($destination, $zone = 'fw') {
+ shorewall::rule { 'jabber-0':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:5222",
+ proto => 'tcp',
+ destinationport => '5222',
+ ratelimit => '-',
+ order => '2200',
+ }
+
+ shorewall::rule { 'jabber-1':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:5223",
+ proto => 'tcp',
+ destinationport => '5223',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2201',
+ }
+
+ shorewall::rule { 'jabber-2':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:5269",
+ proto => 'tcp',
+ destinationport => '5269',
+ ratelimit => '-',
+ order => '2202',
+ }
+
+ shorewall::rule { 'jabber-3':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:4369",
+ proto => 'tcp',
+ destinationport => '4369',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2203',
+ }
+
+ shorewall::rule { 'jabber-4':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:4370",
+ proto => 'tcp',
+ destinationport => '4370:4375',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2204',
+ }
+}
+
+class firewall::vserver::mumble($destination, $zone = 'fw') {
+ shorewall::rule { 'mumble-0':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:64738",
+ proto => 'tcp',
+ destinationport => '64738',
+ ratelimit => '-',
+ order => '2300',
+ }
+
+ shorewall::rule { 'mumble-1':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:64738",
+ proto => 'tcp',
+ destinationport => '64738',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2301',
+ }
+}
|
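Review bot: In `jabber-4` the matched `destinationport` is the range `4370:4375`, but the DNAT target is pinned to `"$zone:$destination:4370"`, so as far as I read Shorewall's DNAT handling every connection in that range would be rewritten to port 4370 and 4371-4375 would never reach their listeners. Leaving the port off the target, `destination => "$zone:$destination",`, should keep the original port. Ports 4369 and 4370-4375 look like the Erlang port mapper and distribution range (presumably for the jabber daemon), and both rules are correctly limited to `source => '$FW'`; a comment such as `# Erlang epmd/distribution: keep reachable from $FW only, never from net` above `jabber-3` would stop a later edit from widening them. In the mumble class only `proto => 'tcp'` is forwarded on 64738, while Mumble normally carries voice over UDP on the same port, so it is worth confirming that TCP-only is intended. The net-facing rules (`jabber-0`, `jabber-2`, `mumble-0`) all set `ratelimit => '-'`, so any connection-rate limiting has to come from the services themselves.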