Diffstat (limited to 'manifests')
-rw-r--r--manifests/init.pp1
-rw-r--r--manifests/subsystems/firewall.pp49
-rw-r--r--manifests/subsystems/firewall/local.pp46
3 files changed, 52 insertions, 44 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index f4b7d36..129b118 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -82,6 +82,7 @@ import "subsystems/firewall/vserver.pp"
import "subsystems/firewall/torrent.pp"
import "subsystems/firewall/ups.pp"
import "subsystems/firewall/wifi.pp"
+import "subsystems/firewall/local.pp"
# Import nodo classes
import "nodo.pp"
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp
index 0e25e05..841757a 100644
--- a/manifests/subsystems/firewall.pp
+++ b/manifests/subsystems/firewall.pp
@@ -199,51 +199,12 @@ class firewall {
options => "default",
}
- #
- # DMZ Configuration
- #
if $shorewall_local_net {
- $shorewall_local_net_iface = $shorewall_local_net_iface ? {
- '' => 'eth0',
- default => $shorewall_local_net_iface,
- }
-
- $shorewall_local_net_network = $shorewall_local_net_network ? {
- '' => '192.168.1.0/24',
- default => $shorewall_local_net_network,
- }
-
- shorewall::host { "$shorewall_local_net_iface-loc":
- name => "$shorewall_local_net_iface:$shorewall_local_net_network",
- zone => 'loc',
- options => '',
- order => '3',
- }
-
- shorewall::policy { 'loc-all':
- sourcezone => 'loc',
- destinationzone => 'all',
- policy => 'ACCEPT',
- order => '5',
- }
-
- shorewall::policy { 'vm-loc':
- sourcezone => 'vm',
- destinationzone => 'loc',
- policy => 'ACCEPT',
- order => '6',
- }
-
- shorewall::policy { 'fw-loc':
- sourcezone => '$FW',
- destinationzone => 'loc',
- policy => 'ACCEPT',
- order => '7',
- }
-
- shorewall::zone { 'loc':
- type => 'ipv4',
- order => '4',
+ class { 'firewall::local':
+ network => $shorewall_local_net_network,
+ interface => $shorewall_local_net_iface,
+ manage_host => $shorewall_local_net_manage_host,
+ manage_interface => $shorewall_local_net_manage_iface,
}
}
}
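Review bot: The `$shorewall_local_net_*` variables are now passed straight into `firewall::local`, so the `'' => 'eth0'` and `'' => '192.168.1.0/24'` fallbacks from the removed selectors only survive if an unset variable reaches the class as undef rather than as an empty string. If a node sets one of them to `''`, the host entry would presumably render with an empty interface or network. On the Puppet versions that still accept `import`, an empty `$shorewall_local_net_manage_host` would also evaluate false and drop the `loc` host entry, while the `loc-all`, `vm-loc` and `fw-loc` ACCEPT policies stay in place. I would either keep the two selectors in front of the declaration or add a comment above it, `# unset values must arrive as undef so firewall::local's defaults apply; '' is not defaulted here`. The body of class `firewall` starts outside this hunk.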
diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp
new file mode 100644
index 0000000..71c21cd
--- /dev/null
+++ b/manifests/subsystems/firewall/local.pp
@@ -0,0 +1,46 @@
+class firewall::local($network = '192.168.1.0/24', $interface = 'eth0', $manage_host = true, $manage_interface = false) {
+
+ if $manage_host {
+ shorewall::host { "$interface-loc":
+ name => "$interface:$network",
+ zone => 'loc',
+ options => '',
+ order => '3',
+ }
+ }
+
+ if $manage_interface {
+ shorewall::interface { $interface:
+ zone => 'loc',
+ rfc1918 => true,
+ dhcp => true,
+ options => 'routeback',
+ }
+ }
+
+ shorewall::policy { 'loc-all':
+ sourcezone => 'loc',
+ destinationzone => 'all',
+ policy => 'ACCEPT',
+ order => '5',
+ }
+
+ shorewall::policy { 'vm-loc':
+ sourcezone => 'vm',
+ destinationzone => 'loc',
+ policy => 'ACCEPT',
+ order => '6',
+ }
+
+ shorewall::policy { 'fw-loc':
+ sourcezone => '$FW',
+ destinationzone => 'loc',
+ policy => 'ACCEPT',
+ order => '7',
+ }
+
+ shorewall::zone { 'loc':
+ type => 'ipv4',
+ order => '4',
+ }
+}
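Review bot: With `manage_interface => true` and `manage_host => false`, `$network` is never used and `loc` becomes everything reachable through `$interface`, so the unconditional `loc-all` ACCEPT policy trusts any source address arriving on that interface rather than the stated subnet. The class has no header explaining this, so I would add a comment above the `class` line that describes each parameter. It should say that `manage_host` scopes `loc` to `$interface:$network`, that `manage_interface` assigns the whole interface to `loc`, and that the three ACCEPT policies and the zone are declared regardless of either flag. The two flags are also independent, so it is worth stating whether setting both is supported. Separately, please confirm that `options => 'routeback'` does not replace a default option list in `shorewall::interface` that carries checks such as `routefilter` or `nosmurfs`; that define is not shown here.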