From b9f8f6df802838dbd9dc9736e7e888f51d0f8fb8 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 20 Feb 2010 14:29:56 -0200
Subject: Changing firewall rules for munin and gitd
---
 manifests/init.pp | 41 +++++++++++++++++++++++++++--------------
 1 file changed, 27 insertions(+), 14 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index ec61a5b..5b7dea1 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -280,6 +280,17 @@ class nodo::vserver inherits nodo {
 order => "4$id",
 }
 
+ shorewall::rule { "munin-$context":
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:192.168.0.$context:49$id",
+ proto => 'tcp',
+ destinationport => "49$id",
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => "5$id",
+ }
+
 if $proxy {
 shorewall::rule { 'http-route-1':
 action => 'DNAT',
@@ -288,7 +299,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '80',
 ratelimit => '-',
- order => '500',
+ order => '600',
 }
 
 shorewall::rule { 'http-route-2':
@@ -299,7 +310,7 @@ class nodo::vserver inherits nodo {
 destinationport => '80',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '501',
+ order => '601',
 }
 
 shorewall::rule { 'https-route-1':
@@ -309,7 +320,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '443',
 ratelimit => '-',
- order => '502',
+ order => '602',
 }
 
 shorewall::rule { 'https-route-2':
@@ -320,7 +331,7 @@ class nodo::vserver inherits nodo {
 destinationport => '443',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '502',
+ order => '602',
 }
 }
 
@@ -332,7 +343,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '8140',
 ratelimit => '-',
- order => '600',
+ order => '700',
 }
 
 shorewall::rule { 'puppetmaster-2':
@@ -342,7 +353,7 @@ class nodo::vserver inherits nodo {
 proto => 'udp',
 destinationport => '8140',
 ratelimit => '-',
- order => '601',
+ order => '701',
 }
 
 shorewall::rule { 'puppetmaster-3':
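Review bot: In the new `munin-$context` rule both the port (`"49$id"`) and the ordering key (`"5$id"`) are built by concatenating `$id`, and nothing visible in this hunk constrains `$id` to two digits. A one-digit id would yield a port such as 491 and a four-digit id a value above 65535, and any order outside 500–599 would no longer sit in the slot this commit frees by moving the proxy rules to 600. I would state the assumption next to the rule, e.g. `# munin: host port 49<id> -> guest; $id must be two digits (port 4900-4999, order 5xx)`, or reject other values with `fail()` before the rule is declared. Unlike the proxy, puppetmaster, git and icecast rules, this one is not behind a flag, so every vserver gets the redirect; the class body starts and ends outside the hunk, so a guard elsewhere would not be visible here.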
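Review bot: `https-route-1` and `https-route-2` both end up with `order => '602'` (the hunks at -309 and -320), carrying over the duplicated `'502'` from the old side, while the http pair gets the distinct values 600 and 601. If the shorewall module sorts rules by this key, the relative position of the two https rules is left to whatever tie-break it applies; `order => '603',` on `https-route-2` would keep the sequence explicit. Both resource bodies begin outside their hunks, so only the tail of each rule is visible.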
@@ -353,7 +364,7 @@ class nodo::vserver inherits nodo {
 destinationport => '8140',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '602',
+ order => '702',
 }
 
 shorewall::rule { 'puppetmaster-4':
@@ -364,7 +375,7 @@ class nodo::vserver inherits nodo {
 destinationport => '8140',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '603',
+ order => '703',
 }
 }
 
@@ -376,17 +387,18 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '9418',
 ratelimit => '-',
- order => '700',
+ order => '800',
 }
 
 shorewall::rule { 'git-daemon-2':
 action => 'DNAT',
 source => '$FW',
- destination => "vm:192.168.0.$context:9418",
+ destination => "fw:192.168.0.$context:9418",
 proto => 'tcp',
 destinationport => '9418',
+ originaldest => "$ipaddress",
 ratelimit => '-',
- order => '701',
+ order => '801',
 }
 }
 
@@ -398,17 +410,18 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '8000',
 ratelimit => '-',
- order => '800',
+ order => '900',
 }
 
 shorewall::rule { 'icecast-2':
 action => 'DNAT',
 source => '$FW',
- destination => "vm:192.168.0.$context:8000",
+ destination => "fw:192.168.0.$context:8000",
 proto => 'tcp',
 destinationport => '8000',
+ originaldest => "$ipaddress",
 ratelimit => '-',
- order => '801',
+ order => '901',
 }
 }
 }
-- 
cgit v1.2.3
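Review bot: The `git-daemon-2` rule now targets `fw:192.168.0.$context:9418` instead of the `vm:` zone, and the same zone change is made to `icecast-2` in the following hunk, but neither the manifest nor the commit message says why; the subject mentions only munin and gitd. The `destination` lines of `git-daemon-1` and `icecast-1` lie outside these hunks, so it is worth confirming that both rules of each pair agree on the zone the guest address belongs to. A comment above each `-2` rule, such as `# connections from the host itself to $ipaddress:9418 are redirected to the guest`, would record the intent of `source => '$FW'` together with the new `originaldest`.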