Diffstat (limited to 'manifests/subsystems/firewall/router.pp')
-rw-r--r-- | manifests/subsystems/firewall/router.pp | 137 |
1 files changed, 8 insertions, 129 deletions
diff --git a/manifests/subsystems/firewall/router.pp b/manifests/subsystems/firewall/router.pp
index 1e45be0..8f6097c 100644
--- a/manifests/subsystems/firewall/router.pp
+++ b/manifests/subsystems/firewall/router.pp
@@ -1,5 +1,4 @@
-class firewall::router::http($destination, $zone = 'loc', $routeback = false, $routeback_dest = '',
- $routeback_external_ip = '', $routeback_iface = 'eth1') {
+class firewall::router::http($destination, $zone = 'loc') {
 shorewall::rule { 'http-route':
 action => 'DNAT',
 source => 'all',
@@ -9,18 +8,9 @@ class firewall::router::http($destination, $zone = 'loc', $routeback = false, $r
 ratelimit => '-',
 order => '600',
 }
-
- if $routeback {
- firewall::router::hairpinning { 'http-route':
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- }
- }
 }
 
-class firewall::router::https($destination, $zone = 'loc', $routeback = false, $routeback_dest = '',
- $routeback_external_ip = '', $routeback_iface = 'eth1') {
+class firewall::router::https($destination, $zone = 'loc') {
 shorewall::rule { 'https-route':
 action => 'DNAT',
 source => 'all',
@@ -30,22 +20,10 @@ class firewall::router::https($destination, $zone = 'loc', $routeback = false, $
 ratelimit => '-',
 order => '602',
 }
-
- if $routeback {
- firewall::router::hairpinning { 'https-route':
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'tcp',
- port => '443',
- }
- }
 }
 
 class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
- $puppetmaster_nonssl_port = '8141', $zone = 'loc', $routeback = false,
- $routeback_dest = '', $routeback_external_ip = '',
- $routeback_iface = 'eth1') {
+ $puppetmaster_nonssl_port = '8141', $zone = 'loc') {
 shorewall::rule { 'puppetmaster-1':
 action => 'DNAT',
 source => 'all',
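Review bot: Dropping `$routeback`, `$routeback_dest`, `$routeback_external_ip` and `$routeback_iface` from the `firewall::router::http` signature narrows the class interface, so any node manifest that still declares the class with one of them should fail catalog compilation with an invalid-parameter error; the same applies to the https, puppetmaster, gitd, icecast and mail classes and to the ssh and munin defines in the later hunks. Nothing visible here says what replaces the removed hairpinning rules, so clients inside `$zone` that reach the service through the external address may lose access without warning; worth confirming before rollout. I would add a header comment above each class, e.g. `# DNAT inbound HTTP to $destination in $zone; hairpin (routeback) NAT is not configured by this class.` The class body continues outside the hunk.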
@@ -85,44 +63,9 @@ class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
 ratelimit => '-',
 order => '705',
 }
-
- if $routeback {
- firewall::router::hairpinning { 'puppetmaster-1':
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'tcp',
- port => $puppetmaster_port,
- }
-
- firewall::router::hairpinning { 'puppetmaster-2':
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'udp',
- port => $puppetmaster_port,
- }
-
- firewall::router::hairpinning { 'puppetmaster-3':
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'tcp',
- port => $puppetmaster_nonssl_port,
- }
-
- firewall::router::hairpinning { 'puppetmaster-4':
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'udp',
- port => $puppetmaster_nonssl_port,
- }
- }
 }
 
-class firewall::router::gitd($destination, $zone = 'loc', $routeback = false, $routeback_dest = '',
- $routeback_external_ip = '', $routeback_iface = 'eth1') {
+class firewall::router::gitd($destination, $zone = 'loc') {
 shorewall::rule { 'git-daemon':
 action => 'DNAT',
 source => 'net',
@@ -132,20 +75,9 @@ class firewall::router::gitd($destination, $zone = 'loc', $routeback = false, $r
 ratelimit => '-',
 order => '800',
 }
-
- if $routeback {
- firewall::router::hairpinning { 'git-daemon':
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'tcp',
- port => '9418',
- }
- }
 }
 
-class firewall::router::icecast($destination, $zone = 'loc', $routeback = false, $routeback_dest = '',
- $routeback_external_ip = '', $routeback_iface = 'eth1') {
+class firewall::router::icecast($destination, $zone = 'loc') {
 shorewall::rule { 'icecast':
 action => 'DNAT',
 source => 'all',
@@ -155,20 +87,9 @@ class firewall::router::icecast($destination, $zone = 'loc', $routeback = false,
 ratelimit => '-',
 order => '900',
 }
-
- if $routeback {
- firewall::router::hairpinning { 'icecast':
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'tcp',
- port => '8000',
- }
- }
 }
 
-class firewall::router::mail($destination, $zone = 'loc', $routeback = false, $routeback_dest = '',
- $routeback_external_ip = '', $routeback_iface = 'eth1') {
+class firewall::router::mail($destination, $zone = 'loc') {
 shorewall::rule { 'mail-1':
 action => 'DNAT',
 source => 'all',
@@ -188,29 +109,9 @@ class firewall::router::mail($destination, $zone = 'loc', $routeback = false, $r
 ratelimit => '-',
 order => '1002',
 }
-
- if $routeback {
- firewall::router::hairpinning { 'mail-1':
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'tcp',
- port => '25',
- }
-
- firewall::router::hairpinning { 'mail-2':
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'tcp',
- port => '993',
- }
- }
 }
 
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc',
- $routeback = false, $routeback_dest = '', $routeback_external_ip = '',
- $routeback_iface = 'eth1') {
+define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc') {
 shorewall::rule { "ssh-$name":
 action => 'DNAT',
 source => 'all',
@@ -223,21 +124,9 @@ define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $
 ratelimit => '-',
 order => "2$port_orig",
 }
-
- if $routeback {
- firewall::router::hairpinning { "ssh-$name":
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'tcp',
- port => $port_dest,
- }
- }
 }
 
-define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc',
- $routeback = false, $routeback_dest = '', $routeback_external_ip = '',
- $routeback_iface = 'eth1') {
+define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc') {
 shorewall::rule { "munin-$name":
 action => 'DNAT',
 source => 'all',
@@ -249,16 +138,6 @@ define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone
 destinationport => "$port_orig",
 ratelimit => '-',
 }
-
- if $routeback {
- firewall::router::hairpinning { "munin-$name":
- interface => $routeback_iface,
- destination => $routeback_dest,
- external_ip => $routeback_external_ip,
- proto => 'tcp',
- port => $port_dest,
- }
- }
 }
 
 class firewall::router::torrent($destination, $zone = 'loc') { |
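Review bot: The forwarded SSH rule keeps `ratelimit => '-'` in this hunk and `source => 'all'` in the previous one, so `firewall::router::ssh` still forwards to the destination's sshd from every zone with no connection rate limit, and the trimmed signature gives callers no way to tighten either. A backward-compatible option is `define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc', $ratelimit = '-') {` with `ratelimit => $ratelimit,` in the rule, so a site can throttle repeated login attempts at the firewall. This assumes `shorewall::rule` passes the value through to the rate-limit column unchanged, which is not visible here. The middle of the define body lies outside both hunks.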