diff options
Diffstat (limited to 'manifests/subsystems/firewall.pp')
-rw-r--r-- | manifests/subsystems/firewall.pp | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp index ae0241e..4151d06 100644 --- a/manifests/subsystems/firewall.pp +++ b/manifests/subsystems/firewall.pp @@ -2,7 +2,7 @@ class firewall { include shorewall - $rfc1918 = $shorewall_dmz ? { + $rfc1918 = $shorewall_local_net ? { true => true, false => false, default => false, @@ -202,46 +202,46 @@ class firewall { # # DMZ Configuration # - if $shorewall_dmz { - $shorewall_dmz_iface = $shorewall_dmz_iface ? { + if $shorewall_local_net { + $shorewall_local_net_iface = $shorewall_local_net_iface ? { '' => 'eth0', - default => $shorewall_dmz_iface, + default => $shorewall_local_net_iface, } - $shorewall_dmz_network = $shorewall_dmz_network ? { + $shorewall_local_net_network = $shorewall_local_net_network ? { '' => '192.168.1.0/24', - default => $shorewall_dmz_network, + default => $shorewall_local_net_network, } - shorewall::host { "$shorewall_dmz_iface-dmz": - name => "$shorewall_dmz_iface:$shorewall_dmz_network", - zone => 'dmz', + shorewall::host { "$shorewall_local_net_iface-loc": + name => "$shorewall_local_net_iface:$shorewall_local_net_network", + zone => 'loc', options => '', order => '3', } - shorewall::policy { 'dmz-all': - sourcezone => 'dmz', + shorewall::policy { 'loc-all': + sourcezone => 'loc', destinationzone => 'all', policy => 'ACCEPT', order => '5', } - shorewall::policy { 'vm-dmz': + shorewall::policy { 'vm-loc': sourcezone => 'vm', - destinationzone => 'dmz', + destinationzone => 'loc', policy => 'ACCEPT', order => '6', } - shorewall::policy { 'fw-dmz': + shorewall::policy { 'fw-loc': sourcezone => '$FW', - destinationzone => 'dmz', + destinationzone => 'loc', policy => 'ACCEPT', order => '7', } - shorewall::zone { 'dmz': + shorewall::zone { 'loc': type => 'ipv4', order => '4', } @@ -249,7 +249,7 @@ class firewall { } class firewall::wifi { - $rfc1918 = $shorewall_dmz ? { + $rfc1918 = $shorewall_local_net ? { true => true, false => false, default => false, |