Diffstat (limited to 'manifests/subsystems')
-rw-r--r--manifests/subsystems/firewall/router.pp49
1 files changed, 26 insertions, 23 deletions
diff --git a/manifests/subsystems/firewall/router.pp b/manifests/subsystems/firewall/router.pp
index a8d18c5..7b01be6 100644
--- a/manifests/subsystems/firewall/router.pp
+++ b/manifests/subsystems/firewall/router.pp
@@ -1,4 +1,4 @@
-class firewall::router::http($destination, $zone = 'loc') {
+class firewall::router::http($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { 'http-route-1':
action => 'DNAT',
source => 'net',
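Review bot: The new parameter default `$originaldest = $ipaddress` in the class header reads the fact through an unqualified variable, and the parameter is not documented anywhere in the hunk. Writing it as `$originaldest = $::ipaddress` makes it explicit that the value is the top-scope fact rather than something picked up from an enclosing scope. A header comment such as `# $originaldest: address on this firewall that clients connect to; the DNAT rules match only traffic sent to it (default: the ipaddress fact)` would tell users when to override it, for example on a multi-homed router where the fact may not be the public address. The same applies to the other class and define headers changed in this commit (https, puppetmaster, gitd, icecast, mail, ssh, munin, torrent). The class body continues outside this hunk.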
@@ -15,13 +15,13 @@ class firewall::router::http($destination, $zone = 'loc') {
destination => "fw:$destination:80",
proto => 'tcp',
destinationport => '80',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '601',
}
}
-class firewall::router::https($destination, $zone = 'loc') {
+class firewall::router::https($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { 'https-route-1':
action => 'DNAT',
source => 'net',
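Review bot: `originaldest => "$originaldest"` in the rule with order '601' passes the caller's value into the shorewall rule without any check. An empty string or `-` (the placeholder this file already uses for `ratelimit`) would presumably drop the original-destination match and forward port 80 for every address that reaches the firewall. A guard at the top of the class, whose header is in the previous hunk, would fail the catalog instead: `if $originaldest == '' or $originaldest == '-' { fail('firewall::router::http: originaldest must be an IP address') }`. The other rules changed in this commit interpolate the parameter the same way and need the same guard in their classes and defines.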
@@ -38,14 +38,15 @@ class firewall::router::https($destination, $zone = 'loc') {
destination => "fw:$destination:443",
proto => 'tcp',
destinationport => '443',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '602',
}
}
class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
- $puppetmaster_nonssl_port = '8141', $zone = 'loc') {
+ $puppetmaster_nonssl_port = '8141', $zone = 'loc',
+ $originaldest = $ipaddress) {
shorewall::rule { 'puppetmaster-1':
action => 'DNAT',
source => 'net',
@@ -72,7 +73,7 @@ class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
destination => "$zone:$destination:$puppetmaster_port",
proto => 'tcp',
destinationport => "$puppetmaster_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '702',
}
@@ -83,7 +84,7 @@ class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
destination => "$zone:$destination:$puppetmaster_port",
proto => 'udp',
destinationport => "$puppetmaster_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '703',
}
@@ -114,7 +115,7 @@ class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
destination => "$zone:$destination:$puppetmaster_nonssl_port",
proto => 'tcp',
destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '706',
}
@@ -125,13 +126,13 @@ class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
destination => "$zone:$destination:$puppetmaster_nonssl_port",
proto => 'udp',
destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '707',
}
}
-class firewall::router::gitd($destination, $zone = 'loc') {
+class firewall::router::gitd($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { 'git-daemon-1':
action => 'DNAT',
source => 'net',
@@ -148,13 +149,13 @@ class firewall::router::gitd($destination, $zone = 'loc') {
destination => "$zone:$destination:9418",
proto => 'tcp',
destinationport => '9418',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '801',
}
}
-class firewall::router::icecast($destination, $zone = 'loc') {
+class firewall::router::icecast($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { 'icecast-1':
action => 'DNAT',
source => 'net',
@@ -171,13 +172,13 @@ class firewall::router::icecast($destination, $zone = 'loc') {
destination => "$zone:$destination:8000",
proto => 'tcp',
destinationport => '8000',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '901',
}
}
-class firewall::router::mail($destination, $zone = 'loc') {
+class firewall::router::mail($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { 'mail-1':
action => 'DNAT',
source => 'net',
@@ -194,7 +195,7 @@ class firewall::router::mail($destination, $zone = 'loc') {
destination => "$zone:$destination:25",
proto => 'tcp',
destinationport => '25',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '1001',
}
@@ -215,13 +216,14 @@ class firewall::router::mail($destination, $zone = 'loc') {
destination => "$zone:$destination:993",
proto => 'tcp',
destinationport => '993',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '1003',
}
}
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc') {
+define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc',
+ $originaldest = $ipaddress) {
shorewall::rule { "ssh-$name-1":
action => 'DNAT',
source => 'net',
@@ -244,13 +246,14 @@ define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $
},
proto => 'tcp',
destinationport => "$port_orig",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => "2$port_orig",
}
}
-define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc', $order = '400') {
+define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc',
+ $order = '400', $originaldest = $ipaddress) {
shorewall::rule { "munin-$name-1":
action => 'DNAT',
source => 'net',
@@ -273,13 +276,13 @@ define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone
},
proto => 'tcp',
destinationport => "$port_orig",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => $order,
}
}
-class firewall::router::torrent($destination, $zone = 'loc') {
+class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { "torrent-tcp-1":
action => 'DNAT',
source => 'net',
@@ -296,7 +299,7 @@ class firewall::router::torrent($destination, $zone = 'loc') {
destination => "$zone:$destination",
proto => 'tcp',
destinationport => "6881:6999",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => "200",
}
@@ -317,7 +320,7 @@ class firewall::router::torrent($destination, $zone = 'loc') {
destination => "$zone:$destination",
proto => 'udp',
destinationport => "6881:6999",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => "201",
}