aboutsummaryrefslogtreecommitdiff
path: root/manifests/subsystems
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/subsystems')
-rw-r--r--manifests/subsystems/firewall.pp15
-rw-r--r--manifests/subsystems/firewall/local.pp7
2 files changed, 12 insertions, 10 deletions
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp
index 293b827..59bc1f1 100644
--- a/manifests/subsystems/firewall.pp
+++ b/manifests/subsystems/firewall.pp
@@ -1,8 +1,10 @@
# firewall definitions for physical servers
-class firewall {
+class firewall(
+ $local_net = hiera('firewall::local_net', false),
+) {
class { 'shorewall': }
- $rfc1918 = $shorewall_local_net ? {
+ $rfc1918 = $local_net ? {
true => true,
false => false,
default => false,
@@ -201,12 +203,7 @@ class firewall {
options => "default",
}
- if $shorewall_local_net {
- class { "firewall::local":
- network => $shorewall_local_net_network,
- interface => $shorewall_local_net_iface,
- manage_host => $shorewall_local_net_manage_host,
- manage_interface => $shorewall_local_net_manage_iface,
- }
+ if $local_net {
+ class { "firewall::local": }
}
}
diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp
index d998b8e..f24ac0c 100644
--- a/manifests/subsystems/firewall/local.pp
+++ b/manifests/subsystems/firewall/local.pp
@@ -1,4 +1,9 @@
-class firewall::local($network = '192.168.1.0/24', $interface = 'eth0', $manage_host = true, $manage_interface = false) {
+class firewall::local(
+ $network = hiera('firewall::local::network, '192.168.1.0/24'),
+ $interface = hiera('firewall::local::interface', 'eth0'),
+ $manage_host = hiera('firewall::local::manage_host', True),
+ $manage_interface = hiera('firewall::local::manage_iface, false)
+) {
if $manage_host {
shorewall::host { "$interface-loc":