From a4c8eac733cb03e850c0e6636c86538a701d04f9 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sun, 15 Apr 2012 18:05:24 -0300
Subject: Adding firewall rules for mumble and jabber vservers
---
 manifests/subsystems/firewall/vserver.pp | 78 ++++++++++++++++++++++++++++++++
 manifests/vserver.pp | 15 +++++-
 2 files changed, 92 insertions(+), 1 deletion(-)
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 92f7542..cef8748 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -375,3 +375,81 @@ class firewall::vserver::tor($destination, $zone = 'fw') {
 order => '2103',
 }
 }
+
+class firewall::vserver::jabber($destination, $zone = 'fw') {
+ shorewall::rule { 'jabber-0':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:5222",
+ proto => 'tcp',
+ destinationport => '5222',
+ ratelimit => '-',
+ order => '2200',
+ }
+
+ shorewall::rule { 'jabber-1':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:5223",
+ proto => 'tcp',
+ destinationport => '5223',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2201',
+ }
+
+ shorewall::rule { 'jabber-2':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:5269",
+ proto => 'tcp',
+ destinationport => '5269',
+ ratelimit => '-',
+ order => '2202',
+ }
+
+ shorewall::rule { 'jabber-3':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:4369",
+ proto => 'tcp',
+ destinationport => '4369',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2203',
+ }
+
+ shorewall::rule { 'jabber-4':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:4370",
+ proto => 'tcp',
+ destinationport => '4370:4375',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2204',
+ }
+}
+
+class firewall::vserver::mumble($destination, $zone = 'fw') {
+ shorewall::rule { 'mumble-0':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:64738",
+ proto => 'tcp',
+ destinationport => '64738',
+ ratelimit => '-',
+ order => '2300',
+ }
+
+ shorewall::rule { 'mumble-1':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:64738",
+ proto => 'tcp',
+ destinationport => '64738',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2301',
+ }
+}
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 99a8481..938903a 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
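Review bot: In `jabber-4` the match is the range `destinationport => '4370:4375'` but the DNAT target pins a single port, `destination => "$zone:$destination:4370"`, so as far as Shorewall's DNAT semantics go every port in the range would be rewritten to 4370 on the vserver. If the intent is to pass the range through unchanged (these look like the Erlang distribution ports next to epmd on 4369, presumably for ejabberd), drop the port from the target: `destination => "$zone:$destination",`. A comment above `jabber-3`/`jabber-4` should state that these node ports are deliberately reachable only from `$FW` and never from `net`, since that restriction is the security-relevant part of the class, e.g. `# node-to-node ports: host-only, must never get a 'net' rule`. Separately, 5223 is forwarded only from `$FW` while 5222 and 5269 are forwarded only from `net`; if that asymmetry is intended it deserves a comment, otherwise the counterpart rules are missing compared with the `net` + `$FW` pair in the mumble class.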
@@ -47,7 +47,8 @@ class nodo::vserver inherits nodo { $puppetmaster = false, $gitd = false, $mail = false, $icecast = false, $sound = false, $tor = false, $ticket = false, $memory_limit = false, $distro = 'squeeze', - $dns = false, $munin_port = false, $monkeysphere_ssh_port = false) { + $dns = false, $munin_port = false, $monkeysphere_ssh_port = false, + $jabber = false, $mumble = false) { # set instance id if $context <= 9 { @@ -198,6 +199,18 @@ class nodo::vserver inherits nodo { "firewall::vserver::tor": destination => "192.168.0.$context"; } } + + if $jabber { + class { + "firewall::vserver::jabber": destination => "192.168.0.$context"; + } + } + + if $mumble { + class { + "firewall::vserver::mumble": destination => "192.168.0.$context"; + } + } } } } -- cgit v1.2.3
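Review bot: `firewall::vserver::jabber` and `firewall::vserver::mumble` are classes with fixed rule titles (`jabber-0`, `mumble-0`, …), so the `class { ... }` declarations added under `if $jabber` and `if $mumble` can each be evaluated only once per node. The enclosing definition starts outside this hunk, but the `$context`-derived destination suggests it is instantiated per vserver; if so, enabling either flag on two vservers of the same host would fail catalog compilation with a duplicate declaration. Since both flags publish ports to `net`, the parameter list should carry a comment stating this, for example `# jabber, mumble: DNAT public ports to 192.168.0.$context; enable on at most one vserver per host`. This follows the existing `tor` block, so the same limitation presumably already applies there.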