Diffstat (limited to 'manifests/subsystems')
-rw-r--r-- | manifests/subsystems/firewall.pp | 15 | ||||
-rw-r--r-- | manifests/subsystems/firewall/local.pp | 7 |
2 files changed, 12 insertions, 10 deletions
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp
index 293b827..59bc1f1 100644
--- a/manifests/subsystems/firewall.pp
+++ b/manifests/subsystems/firewall.pp
@@ -1,8 +1,10 @@
 # firewall definitions for physical servers
-class firewall {
+class firewall(
+ $local_net = hiera('firewall::local_net', false),
+) {
 class { 'shorewall': }
- $rfc1918 = $shorewall_local_net ? {
+ $rfc1918 = $local_net ? {
 true => true,
 false => false,
 default => false,
@@ -201,12 +203,7 @@ class firewall {
 options => "default",
 }
- if $shorewall_local_net {
- class { "firewall::local":
- network => $shorewall_local_net_network,
- interface => $shorewall_local_net_iface,
- manage_host => $shorewall_local_net_manage_host,
- manage_interface => $shorewall_local_net_manage_iface,
- }
+ if $local_net {
+ class { "firewall::local": }
 }
 }
diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp
index d998b8e..f24ac0c 100644
--- a/manifests/subsystems/firewall/local.pp
+++ b/manifests/subsystems/firewall/local.pp
@@ -1,4 +1,9 @@
-class firewall::local($network = '192.168.1.0/24', $interface = 'eth0', $manage_host = true, $manage_interface = false) {
+class firewall::local(
+ $network = hiera('firewall::local::network, '192.168.1.0/24'),
+ $interface = hiera('firewall::local::interface', 'eth0'),
+ $manage_host = hiera('firewall::local::manage_host', True),
+ $manage_interface = hiera('firewall::local::manage_iface, false)
+) {
 if $manage_host {
 shorewall::host { "$interface-loc": |
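Review bot: The `$rfc1918` selector in the first firewall.pp hunk accepts only the boolean `true` and sends every other value to `default => false`, while the `if $local_net` test in the second hunk is a plain truthiness check. Now that the value comes from `hiera('firewall::local_net', false)`, a quoted string in the data would presumably declare `firewall::local` yet leave `$rfc1918` false, so the two parts of the firewall policy could disagree without any error. A comment above the parameter would make the contract explicit, for example `# firewall::local_net must be an unquoted YAML boolean; any other value leaves $rfc1918 false`. The class body continues outside this hunk.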
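Review bot: Declaring `class { "firewall::local": }` with no parameters in the second firewall.pp hunk means the old `$shorewall_local_net_network`, `$shorewall_local_net_iface`, `$shorewall_local_net_manage_host` and `$shorewall_local_net_manage_iface` variables are no longer read here. A node that still sets them will presumably fall back to the defaults in local.pp (`192.168.1.0/24` on `eth0`) without any warning, which for a firewall can put the local-network rules on the wrong subnet or interface. I would document the migration at the declaration, e.g. `# network/interface/manage_* now come from hiera keys firewall::local::*; the $shorewall_local_net_* variables are ignored`, and check that every node using the old variables has the Hiera data in place before this is rolled out. The hunk starts partway through the class body.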
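Review bot: Two of the added `hiera()` calls in local.pp have an unterminated key string: `hiera('firewall::local::network, '192.168.1.0/24')` and `hiera('firewall::local::manage_iface, false)` both lack the closing quote after the key. The manifest should therefore fail to parse, and a node including this class would get no new catalog and keep whatever firewall state it already had. The lines should read `$network = hiera('firewall::local::network', '192.168.1.0/24'),` and `$manage_interface = hiera('firewall::local::manage_iface', false)`. The `$manage_host` default is also written `True` where the removed line used lowercase `true`; the capitalised form is likely not parsed as the boolean literal, so `hiera('firewall::local::manage_host', true),` is safer. The class body continues past the end of the hunk.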