Diffstat (limited to 'manifests/subsystems/firewall.pp')
-rw-r--r-- | manifests/subsystems/firewall.pp | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp
index 3de9089..ae0241e 100644
--- a/manifests/subsystems/firewall.pp
+++ b/manifests/subsystems/firewall.pp
@@ -12,7 +12,7 @@ class firewall {
 # Interfaces #
 shorewall::interface { 'eth0':
- zone => '-',
+ zone => 'net',
 rfc1918 => $rfc1918,
 }
@@ -208,8 +208,13 @@ class firewall {
 default => $shorewall_dmz_iface,
 }
+ $shorewall_dmz_network = $shorewall_dmz_network ? {
+ '' => '192.168.1.0/24',
+ default => $shorewall_dmz_network,
+ }
+
 shorewall::host { "$shorewall_dmz_iface-dmz":
- name => "$shorewall_dmz_iface:192.168.1.0/24",
+ name => "$shorewall_dmz_iface:$shorewall_dmz_network",
 zone => 'dmz',
 options => '',
 order => '3',
@@ -350,11 +355,11 @@ class firewall::torrent {
 }
 }
-class firewall::router::http($destination) {
+class firewall::router::http($destination, $zone = 'vm') {
 shorewall::rule { 'http-route-1':
 action => 'DNAT',
 source => 'net',
- destination => "vm:$destination:80",
+ destination => "$zone:$destination:80",
 proto => 'tcp',
 destinationport => '80',
 ratelimit => '-',
@@ -373,11 +378,11 @@ class firewall::router::http($destination) {
 }
 }
-class firewall::router::https($destination) {
+class firewall::router::https($destination, $zone = 'vm') {
 shorewall::rule { 'https-route-1':
 action => 'DNAT',
 source => 'net',
- destination => "vm:$destination:443",
+ destination => "$zone:$destination:443",
 proto => 'tcp',
 destinationport => '443',
 ratelimit => '-',
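Review bot: The fallback in the new `$shorewall_dmz_network` selector is a hard-coded `192.168.1.0/24`, so a node that simply forgets to set the variable silently places that whole subnet into the `dmz` zone on `$shorewall_dmz_iface`, and nothing in the hunk checks that a supplied value even looks like a network — a mistyped value only surfaces when shorewall compiles the hosts file. If the default is intended, a comment above the selector such as `# DMZ network placed in the 'dmz' zone; 192.168.1.0/24 is only a fallback for nodes that do not set $shorewall_dmz_network` makes that explicit; otherwise consider failing the catalog when the variable is empty, which is stricter but would break nodes relying on the fallback. The enclosing `class firewall` starts and ends outside this hunk.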
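Review bot: The new `$zone` parameter of `firewall::router::http` is interpolated straight into the DNAT `destination` without any check, so an empty or mistyped zone yields a target like `:$destination:80` that is only rejected later, when shorewall compiles the rules; the same applies to `firewall::router::https` in the next hunk and to `firewall::router::ssh` in the last hunk. A one-line guard at the top of the class, `if $zone == '' { fail("firewall::router::http: zone must not be empty") }`, reports the mistake at catalog compile time instead. Note also that `http` and `https` remain parameterized classes while `ssh` is a define, so — if I read the surrounding code right — the zone for HTTP/HTTPS can only be chosen once per node rather than per destination. The class body continues outside the hunk.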
@@ -572,13 +577,13 @@ class firewall::router::mail($destination) {
 }
 }
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '') {
+define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'vm') {
 shorewall::rule { "ssh-$name-1":
 action => 'DNAT',
 source => 'net',
 destination => $port_dest ? {
- '' => "vm:$destination",
- default => "vm:$destination:$port_dest",
+ '' => "$zone:$destination",
+ default => "$zone:$destination:$port_dest",
 },
 proto => 'tcp',
 destinationport => "$port_orig",
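Review bot: `firewall::router::ssh` now takes four parameters but carries no header comment, and the meaning of `$port_dest` versus `$port_orig` has to be reverse-engineered from the selector. A short block above the `define` line stating that `$port_orig` is the port matched on the `net` side, `$port_dest` the port on `$destination` (empty omits the port from the DNAT target), and `$zone` the shorewall zone that holds `$destination` would make the define usable without reading its body. The rule resource continues past the end of the hunk.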