From a4c8eac733cb03e850c0e6636c86538a701d04f9 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sun, 15 Apr 2012 18:05:24 -0300
Subject: Adding firewall rules for mumble and jabber vservers
---
 manifests/subsystems/firewall/vserver.pp | 78 ++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
(limited to 'manifests/subsystems/firewall')
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 92f7542..cef8748 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -375,3 +375,81 @@ class firewall::vserver::tor($destination, $zone = 'fw') {
 order => '2103',
 }
 }
+
+class firewall::vserver::jabber($destination, $zone = 'fw') {
+ shorewall::rule { 'jabber-0':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:5222",
+ proto => 'tcp',
+ destinationport => '5222',
+ ratelimit => '-',
+ order => '2200',
+ }
+
+ shorewall::rule { 'jabber-1':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:5223",
+ proto => 'tcp',
+ destinationport => '5223',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2201',
+ }
+
+ shorewall::rule { 'jabber-2':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:5269",
+ proto => 'tcp',
+ destinationport => '5269',
+ ratelimit => '-',
+ order => '2202',
+ }
+
+ shorewall::rule { 'jabber-3':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:4369",
+ proto => 'tcp',
+ destinationport => '4369',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2203',
+ }
+
+ shorewall::rule { 'jabber-4':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:4370",
+ proto => 'tcp',
+ destinationport => '4370:4375',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2204',
+ }
+}
+
+class firewall::vserver::mumble($destination, $zone = 'fw') {
+ shorewall::rule { 'mumble-0':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:64738",
+ proto => 'tcp',
+ destinationport => '64738',
+ ratelimit => '-',
+ order => '2300',
+ }
+
+ shorewall::rule { 'mumble-1':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:64738",
+ proto => 'tcp',
+ destinationport => '64738',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2301',
+ }
+}
-- cgit v1.2.3
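Review bot: In `jabber-4` the rule matches the port range `destinationport => '4370:4375'` but the DNAT target names a single port, `destination => "$zone:$destination:4370"`, so as written every port in the range would presumably be rewritten to 4370 on the vserver instead of being forwarded one-to-one. If a one-to-one mapping is intended, drop the port from the target, `destination => "$zone:$destination",`, so the original destination port is kept. Ports 4369 and 4370-4375 look like the Erlang port mapper and node-distribution range, which would explain why `jabber-3` and `jabber-4` are limited to `source => '$FW'`; a comment such as `# Erlang epmd/distribution ports: forward from the firewall host only, never from net` would keep a later edit from widening them. It is also worth confirming that 5223 is meant to be forwarded only from `$FW` while 5222 and 5269 are forwarded only from `net`, since the `mumble` class pairs a `net` rule and a `$FW` rule for the same port.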