Diffstat (limited to 'manifests/subsystems')
-rw-r--r-- | manifests/subsystems/firewall/router.pp | 49 |
1 files changed, 26 insertions, 23 deletions
diff --git a/manifests/subsystems/firewall/router.pp b/manifests/subsystems/firewall/router.pp
index a8d18c5..7b01be6 100644
--- a/manifests/subsystems/firewall/router.pp
+++ b/manifests/subsystems/firewall/router.pp
@@ -1,4 +1,4 @@
-class firewall::router::http($destination, $zone = 'loc') {
+class firewall::router::http($destination, $zone = 'loc', $originaldest = $ipaddress) {
 shorewall::rule { 'http-route-1':
 action => 'DNAT',
 source => 'net',
@@ -15,13 +15,13 @@ class firewall::router::http($destination, $zone = 'loc') {
 destination => "fw:$destination:80",
 proto => 'tcp',
 destinationport => '80',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => '601',
 }
 }
 
-class firewall::router::https($destination, $zone = 'loc') {
+class firewall::router::https($destination, $zone = 'loc', $originaldest = $ipaddress) {
 shorewall::rule { 'https-route-1':
 action => 'DNAT',
 source => 'net',
@@ -38,14 +38,15 @@ class firewall::router::https($destination, $zone = 'loc') {
 destination => "fw:$destination:443",
 proto => 'tcp',
 destinationport => '443',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => '602',
 }
 }
 
 class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
- $puppetmaster_nonssl_port = '8141', $zone = 'loc') {
+ $puppetmaster_nonssl_port = '8141', $zone = 'loc',
+ $originaldest = $ipaddress) {
 shorewall::rule { 'puppetmaster-1':
 action => 'DNAT',
 source => 'net',
@@ -72,7 +73,7 @@ class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
 destination => "$zone:$destination:$puppetmaster_port",
 proto => 'tcp',
 destinationport => "$puppetmaster_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => '702',
 }
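Review bot: The new default `$originaldest = $ipaddress` reads the fact by its unqualified name, so under Puppet's dynamic scoping any `$ipaddress` variable set in an enclosing scope silently replaces it; `$originaldest = $::ipaddress` pins the default to the top-scope fact. The same default is introduced in every other hunk of this file (https, puppetmaster, gitd, icecast, mail, ssh, munin, torrent), so the remark applies to all of them. On a multi-homed router facter's `ipaddress` fact is normally the first non-loopback interface, which may be the `loc`-side address rather than the net-facing one these DNAT rules are meant to match — worth confirming, or documenting that callers are expected to pass `$originaldest` explicitly. Nothing constrains the new parameter: an empty string produces an empty ORIGDEST column, and shorewall treats `-` in that column as "any destination address", which would widen the DNAT beyond the external interface; a comment on the parameter such as `# $originaldest: external address to DNAT from; a single IP, never '-' or empty` would make the contract explicit. The class body continues outside the hunk.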
@@ -83,7 +84,7 @@ class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
 destination => "$zone:$destination:$puppetmaster_port",
 proto => 'udp',
 destinationport => "$puppetmaster_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => '703',
 }
@@ -114,7 +115,7 @@ class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
 destination => "$zone:$destination:$puppetmaster_nonssl_port",
 proto => 'tcp',
 destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => '706',
 }
@@ -125,13 +126,13 @@ class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
 destination => "$zone:$destination:$puppetmaster_nonssl_port",
 proto => 'udp',
 destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => '707',
 }
 }
 
-class firewall::router::gitd($destination, $zone = 'loc') {
+class firewall::router::gitd($destination, $zone = 'loc', $originaldest = $ipaddress) {
 shorewall::rule { 'git-daemon-1':
 action => 'DNAT',
 source => 'net',
@@ -148,13 +149,13 @@ class firewall::router::gitd($destination, $zone = 'loc') {
 destination => "$zone:$destination:9418",
 proto => 'tcp',
 destinationport => '9418',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => '801',
 }
 }
 
-class firewall::router::icecast($destination, $zone = 'loc') {
+class firewall::router::icecast($destination, $zone = 'loc', $originaldest = $ipaddress) {
 shorewall::rule { 'icecast-1':
 action => 'DNAT',
 source => 'net',
@@ -171,13 +172,13 @@ class firewall::router::icecast($destination, $zone = 'loc') {
 destination => "$zone:$destination:8000",
 proto => 'tcp',
 destinationport => '8000',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => '901',
 }
 }
 
-class firewall::router::mail($destination, $zone = 'loc') {
+class firewall::router::mail($destination, $zone = 'loc', $originaldest = $ipaddress) {
 shorewall::rule { 'mail-1':
 action => 'DNAT',
 source => 'net',
@@ -194,7 +195,7 @@ class firewall::router::mail($destination, $zone = 'loc') {
 destination => "$zone:$destination:25",
 proto => 'tcp',
 destinationport => '25',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => '1001',
 }
@@ -215,13 +216,14 @@ class firewall::router::mail($destination, $zone = 'loc') {
 destination => "$zone:$destination:993",
 proto => 'tcp',
 destinationport => '993',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => '1003',
 }
 }
 
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc') {
+define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc',
+ $originaldest = $ipaddress) {
 shorewall::rule { "ssh-$name-1":
 action => 'DNAT',
 source => 'net',
@@ -244,13 +246,14 @@ define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $
 },
 proto => 'tcp',
 destinationport => "$port_orig",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => "2$port_orig",
 }
 }
 
-define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc', $order = '400') {
+define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc',
+ $order = '400', $originaldest = $ipaddress) {
 shorewall::rule { "munin-$name-1":
 action => 'DNAT',
 source => 'net',
@@ -273,13 +276,13 @@ define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone
 },
 proto => 'tcp',
 destinationport => "$port_orig",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => $order,
 }
 }
 
-class firewall::router::torrent($destination, $zone = 'loc') {
+class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ipaddress) {
 shorewall::rule { "torrent-tcp-1":
 action => 'DNAT',
 source => 'net',
@@ -296,7 +299,7 @@ class firewall::router::torrent($destination, $zone = 'loc') {
 destination => "$zone:$destination",
 proto => 'tcp',
 destinationport => "6881:6999",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => "200",
 }
@@ -317,7 +320,7 @@ class firewall::router::torrent($destination, $zone = 'loc') {
 destination => "$zone:$destination",
 proto => 'udp',
 destinationport => "6881:6999",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
 ratelimit => '-',
 order => "201",
 }
|