| -rw-r--r-- | manifests/host.pp | 2 | ||||
| -rw-r--r-- | manifests/plug.pp | 3 | ||||
| -rw-r--r-- | manifests/subsystems/firewall.pp | 15 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/local.pp | 7 | 
4 files changed, 15 insertions, 12 deletions
|
diff --git a/manifests/host.pp b/manifests/host.pp
index 9464e96..c7af23a 100644
--- a/manifests/host.pp
+++ b/manifests/host.pp
@@ -11,7 +11,7 @@ class nodo::host inherits nodo {
   class { 'syslog-ng': }
   # Firewall configuration
-  include firewall
+  class { 'firewall': }
   # Vserver configuration
   $vserver_vdirbase = "/var/vservers"
diff --git a/manifests/plug.pp b/manifests/plug.pp
index 58aa844..74c7d78 100644
--- a/manifests/plug.pp
+++ b/manifests/plug.pp
@@ -2,11 +2,12 @@ class nodo::plug inherits nodo {
   include ntpdate
   include syslog-ng
   include utils::plug
-  include firewall
   include sysctl
   include resolver
   include monkeysphere_nodo
+  class { 'firewall': }
+
   backupninja::sys { "sys":
     ensure     => present,
   }
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp
index 293b827..59bc1f1 100644
--- a/manifests/subsystems/firewall.pp
+++ b/manifests/subsystems/firewall.pp
@@ -1,8 +1,10 @@
 # firewall definitions for physical servers
-class firewall {
+class firewall(
+  $local_net = hiera('firewall::local_net',              false),
+) {
   class { 'shorewall': }
-  $rfc1918 = $shorewall_local_net ? {
+  $rfc1918 = $local_net ? {
     true    => true,
     false   => false,
     default => false,
@@ -201,12 +203,7 @@ class firewall {
     options   => "default",
   }
-  if $shorewall_local_net {
-    class { "firewall::local":
-      network          => $shorewall_local_net_network,
-      interface        => $shorewall_local_net_iface,
-      manage_host      => $shorewall_local_net_manage_host,
-      manage_interface => $shorewall_local_net_manage_iface,
-    }
+  if $local_net {
+    class { "firewall::local": }
   }
 }
diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp
index d998b8e..f24ac0c 100644
--- a/manifests/subsystems/firewall/local.pp
+++ b/manifests/subsystems/firewall/local.pp
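Review bot: In manifests/subsystems/firewall.pp, `$local_net` is tested two different ways: the `$rfc1918` selector in the first hunk matches only the boolean `true`, while `if $local_net {` in the second hunk accepts any truthy value. If hiera returns a string (for example a quoted 'true' in the data file), `$rfc1918` would presumably fall through to `default => false` while `firewall::local` is still declared, so the two parts of the firewall configuration disagree. Using the same test in both places, e.g. `if $local_net == true {`, keeps them consistent. How `$rfc1918` is consumed lies outside the hunk, so the practical effect should be confirmed there.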
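Review bot: In the second hunk of manifests/subsystems/firewall.pp, `class { "firewall::local": }` no longer receives `network`, `interface`, `manage_host` or `manage_interface`, so a node that still sets only the old `$shorewall_local_net_*` variables gets the defaults of `firewall::local` without any error. The same applies to `$shorewall_local_net` itself, which is no longer read, so such a node would stop declaring the local-network rules. A silent change of this kind in a firewall definition deserves a comment above the declaration, for example `# firewall::local reads firewall::local::* from hiera; the $shorewall_local_net_* globals are no longer consulted`.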
@@ -1,4 +1,9 @@
-class firewall::local($network = '192.168.1.0/24', $interface = 'eth0', $manage_host = true, $manage_interface = false) {
+class firewall::local(
+  $network          = hiera('firewall::local::network,       '192.168.1.0/24'),
+  $interface        = hiera('firewall::local::interface',    'eth0'),
+  $manage_host      = hiera('firewall::local::manage_host',  True),
+  $manage_interface = hiera('firewall::local::manage_iface,  false)
+) {
   if $manage_host {
     shorewall::host { "$interface-loc":
|
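Review bot: Two of the new hiera() keys in manifests/subsystems/firewall/local.pp are missing their closing quote (`'firewall::local::network,` and `'firewall::local::manage_iface,`), so the string runs on into the default value and the manifest will most likely fail to parse, leaving the local-network firewall rules unapplied. `True` is also capitalised, which Puppet does not read as the boolean literal. The lines should read `$network = hiera('firewall::local::network', '192.168.1.0/24'),`, `$manage_host = hiera('firewall::local::manage_host', true),` and `$manage_interface = hiera('firewall::local::manage_iface', false)`. The key `manage_iface` also differs from the parameter name `manage_interface`, which is easy to get wrong in the data file. The class body continues beyond the hunk.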
