aboutsummaryrefslogtreecommitdiff
path: root/manifests/subsystems/firewall.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/subsystems/firewall.pp')
-rw-r--r--manifests/subsystems/firewall.pp23
1 files changed, 14 insertions, 9 deletions
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp
index 3de9089..ae0241e 100644
--- a/manifests/subsystems/firewall.pp
+++ b/manifests/subsystems/firewall.pp
@@ -12,7 +12,7 @@ class firewall {
# Interfaces
#
shorewall::interface { 'eth0':
- zone => '-',
+ zone => 'net',
rfc1918 => $rfc1918,
}
@@ -208,8 +208,13 @@ class firewall {
default => $shorewall_dmz_iface,
}
+ $shorewall_dmz_network = $shorewall_dmz_network ? {
+ '' => '192.168.1.0/24',
+ default => $shorewall_dmz_network,
+ }
+
shorewall::host { "$shorewall_dmz_iface-dmz":
- name => "$shorewall_dmz_iface:192.168.1.0/24",
+ name => "$shorewall_dmz_iface:$shorewall_dmz_network",
zone => 'dmz',
options => '',
order => '3',
@@ -350,11 +355,11 @@ class firewall::torrent {
}
}
-class firewall::router::http($destination) {
+class firewall::router::http($destination, $zone = 'vm') {
shorewall::rule { 'http-route-1':
action => 'DNAT',
source => 'net',
- destination => "vm:$destination:80",
+ destination => "$zone:$destination:80",
proto => 'tcp',
destinationport => '80',
ratelimit => '-',
@@ -373,11 +378,11 @@ class firewall::router::http($destination) {
}
}
-class firewall::router::https($destination) {
+class firewall::router::https($destination, $zone = 'vm') {
shorewall::rule { 'https-route-1':
action => 'DNAT',
source => 'net',
- destination => "vm:$destination:443",
+ destination => "$zone:$destination:443",
proto => 'tcp',
destinationport => '443',
ratelimit => '-',
@@ -572,13 +577,13 @@ class firewall::router::mail($destination) {
}
}
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '') {
+define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'vm') {
shorewall::rule { "ssh-$name-1":
action => 'DNAT',
source => 'net',
destination => $port_dest ? {
- '' => "vm:$destination",
- default => "vm:$destination:$port_dest",
+ '' => "$zone:$destination",
+ default => "$zone:$destination:$port_dest",
},
proto => 'tcp',
destinationport => "$port_orig",