From ef568946ba793b93b0f60810b04227f3c7542947 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Mon, 15 Aug 2011 22:59:22 -0300
Subject: Fixing firewall::router::ssh
---
 manifests/subsystems/firewall/router.pp | 4 +--
 manifests/subsystems/firewall/vserver.pp | 50 ++++++++++++++++----------------
 2 files changed, 27 insertions(+), 27 deletions(-)
(limited to 'manifests/subsystems')
diff --git a/manifests/subsystems/firewall/router.pp b/manifests/subsystems/firewall/router.pp
index a349050..e5563a0 100644
--- a/manifests/subsystems/firewall/router.pp
+++ b/manifests/subsystems/firewall/router.pp
@@ -239,8 +239,8 @@ define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $
 action => 'DNAT',
 source => '$FW',
 destination => $port_dest ? {
- '' => "fw:$destination",
- default => "fw:$destination:$port_dest",
+ '' => "$zone:$destination",
+ default => "$zone:$destination:$port_dest",
 },
 proto => 'tcp',
 destinationport => "$port_orig",
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 7b09d96..8273c47 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -44,11 +44,11 @@ class firewall::vserver::https($destination, $zone = 'vm') {
 }
 }
-class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141') {
+class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141', $zone = 'fw') {
 shorewall::rule { 'puppetmaster-1':
 action => 'DNAT',
 source => 'net',
- destination => "fw:$destination:$puppetmaster_port",
+ destination => "$zone:$destination:$puppetmaster_port",
 proto => 'tcp',
 destinationport => "$puppetmaster_port",
 ratelimit => '-',
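Review bot: `$zone` is now interpolated into both branches of the `destination` selector, but the hunk header cuts the parameter list of `firewall::router::ssh` off at `$`, so its declaration and default are not visible here. The diffstat shows only these two body lines changing in router.pp, so the parameter presumably already exists. If it can reach this point empty, the rule is rendered as `:$destination`, a DNAT target with no zone. A guard at the top of the define would catch that at compile time, e.g. `if $zone == '' { fail("firewall::router::ssh: zone must not be empty") }`, alongside a comment naming the zone the forwarded SSH port is expected to land in. The define's body starts and ends outside the hunk.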
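Review bot: The new `$zone = 'fw'` default on `firewall::vserver::puppetmaster` differs from the `$zone = 'vm'` default that the hunk header shows on `firewall::vserver::https`, and nothing visible explains why sibling classes forward to different zones by default. A caller who overrides `zone` on one class and not the other gets DNAT rules for the same guest pointing into two zones. A header comment would settle it, for example `# $zone: Shorewall zone that holds $destination; 'fw' keeps the previously hard-coded target`. The same applies to the `gitd`, `icecast`, `mail` and `munin` signatures changed later in this file. The class body continues past the end of the hunk.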
@@ -58,7 +58,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
 shorewall::rule { 'puppetmaster-2':
 action => 'DNAT',
 source => 'net',
- destination => "fw:$destination:$puppetmaster_port",
+ destination => "$zone:$destination:$puppetmaster_port",
 proto => 'udp',
 destinationport => "$puppetmaster_port",
 ratelimit => '-',
@@ -68,7 +68,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
 shorewall::rule { 'puppetmaster-3':
 action => 'DNAT',
 source => '$FW',
- destination => "fw:$destination:$puppetmaster_port",
+ destination => "$zone:$destination:$puppetmaster_port",
 proto => 'tcp',
 destinationport => "$puppetmaster_port",
 originaldest => "$ipaddress",
@@ -79,7 +79,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
 shorewall::rule { 'puppetmaster-4':
 action => 'DNAT',
 source => '$FW',
- destination => "fw:$destination:$puppetmaster_port",
+ destination => "$zone:$destination:$puppetmaster_port",
 proto => 'udp',
 destinationport => "$puppetmaster_port",
 originaldest => "$ipaddress",
@@ -90,7 +90,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
 shorewall::rule { 'puppetmaster-5':
 action => 'DNAT',
 source => 'net',
- destination => "fw:$destination:$puppetmaster_nonssl_port",
+ destination => "$zone:$destination:$puppetmaster_nonssl_port",
 proto => 'tcp',
 destinationport => "$puppetmaster_nonssl_port",
 ratelimit => '-',
@@ -100,7 +100,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
 shorewall::rule { 'puppetmaster-6':
 action => 'DNAT',
 source => 'net',
- destination => "fw:$destination:$puppetmaster_nonssl_port",
+ destination => "$zone:$destination:$puppetmaster_nonssl_port",
 proto => 'udp',
 destinationport => "$puppetmaster_nonssl_port",
 ratelimit => '-',
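Review bot: The `puppetmaster-2` rule touched in the `@@ -58` hunk still forwards `proto => 'udp'` from `net` with `ratelimit => '-'`, and with the zone now a parameter it does so for whatever zone the caller passes. Puppet agents talk to the master over TCP, so the UDP rules (`puppetmaster-2`, `-4`, `-6` and, in the `@@ -121` hunk, `-8`) look like exposure with no consumer and are candidates for removal while these lines are being edited. The `@@ -90` and `@@ -100` hunks also keep `$puppetmaster_nonssl_port` reachable from `net`; if that listener is unencrypted, as the name suggests, its `source` would be better narrowed to the hosts that need it. A comment on the class stating which of the eight rules are required would make the intended exposure reviewable.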
@@ -110,7 +110,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
 shorewall::rule { 'puppetmaster-7':
 action => 'DNAT',
 source => '$FW',
- destination => "fw:$destination:$puppetmaster_nonssl_port",
+ destination => "$zone:$destination:$puppetmaster_nonssl_port",
 proto => 'tcp',
 destinationport => "$puppetmaster_nonssl_port",
 originaldest => "$ipaddress",
@@ -121,7 +121,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
 shorewall::rule { 'puppetmaster-8':
 action => 'DNAT',
 source => '$FW',
- destination => "fw:$destination:$puppetmaster_nonssl_port",
+ destination => "$zone:$destination:$puppetmaster_nonssl_port",
 proto => 'udp',
 destinationport => "$puppetmaster_nonssl_port",
 originaldest => "$ipaddress",
@@ -130,11 +130,11 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
 }
 }
-class firewall::vserver::gitd($destination) {
+class firewall::vserver::gitd($destination, $zone = 'fw') {
 shorewall::rule { 'git-daemon-1':
 action => 'DNAT',
 source => 'net',
- destination => "fw:$destination:9418",
+ destination => "$zone:$destination:9418",
 proto => 'tcp',
 destinationport => '9418',
 ratelimit => '-',
@@ -144,7 +144,7 @@ class firewall::vserver::gitd($destination) {
 shorewall::rule { 'git-daemon-2':
 action => 'DNAT',
 source => '$FW',
- destination => "fw:$destination:9418",
+ destination => "$zone:$destination:9418",
 proto => 'tcp',
 destinationport => '9418',
 originaldest => "$ipaddress",
@@ -153,11 +153,11 @@ class firewall::vserver::gitd($destination) {
 }
 }
-class firewall::vserver::icecast($destination) {
+class firewall::vserver::icecast($destination, $zone = 'fw') {
 shorewall::rule { 'icecast-1':
 action => 'DNAT',
 source => 'net',
- destination => "fw:$destination:8000",
+ destination => "$zone:$destination:8000",
 proto => 'tcp',
 destinationport => '8000',
 ratelimit => '-',
@@ -167,7 +167,7 @@ class firewall::vserver::icecast($destination) {
 shorewall::rule { 'icecast-2':
 action => 'DNAT',
 source => '$FW',
- destination => "fw:$destination:8000",
+ destination => "$zone:$destination:8000",
 proto => 'tcp',
 destinationport => '8000',
 originaldest => "$ipaddress",
@@ -176,11 +176,11 @@ class firewall::vserver::icecast($destination) {
 }
 }
-class firewall::vserver::mail($destination) {
+class firewall::vserver::mail($destination, $zone = 'fw') {
 shorewall::rule { 'mail-1':
 action => 'DNAT',
 source => 'net',
- destination => "fw:$destination:25",
+ destination => "$zone:$destination:25",
 proto => 'tcp',
 destinationport => '25',
 ratelimit => '-',
@@ -190,7 +190,7 @@ class firewall::vserver::mail($destination) {
 shorewall::rule { 'mail-2':
 action => 'DNAT',
 source => '$FW',
- destination => "fw:$destination:25",
+ destination => "$zone:$destination:25",
 proto => 'tcp',
 destinationport => '25',
 originaldest => "$ipaddress",
@@ -201,7 +201,7 @@ class firewall::vserver::mail($destination) {
 shorewall::rule { 'mail-3':
 action => 'DNAT',
 source => 'net',
- destination => "fw:$destination:993",
+ destination => "$zone:$destination:993",
 proto => 'tcp',
 destinationport => '993',
 ratelimit => '-',
@@ -211,7 +211,7 @@ class firewall::vserver::mail($destination) {
 shorewall::rule { 'mail-4':
 action => 'DNAT',
 source => '$FW',
- destination => "fw:$destination:993",
+ destination => "$zone:$destination:993",
 proto => 'tcp',
 destinationport => '993',
 originaldest => "$ipaddress",
@@ -249,13 +249,13 @@ define firewall::vserver::ssh($destination, $port_orig = '22', $port_dest = '',
 }
 }
-define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $order = '400') {
+define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $order = '400', $zone = 'fw') {
 shorewall::rule { "munin-$name-1":
 action => 'DNAT',
 source => 'net',
 destination => $port_dest ? {
- '' => "fw:$destination",
- default => "fw:$destination:$port_dest",
+ '' => "$zone:$destination",
+ default => "$zone:$destination:$port_dest",
 },
 proto => 'tcp',
 destinationport => "$port_orig",
@@ -267,8 +267,8 @@ define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $orde
 action => 'DNAT',
 source => '$FW',
 destination => $port_dest ? {
- '' => "fw:$destination",
- default => "fw:$destination:$port_dest",
+ '' => "$zone:$destination",
+ default => "$zone:$destination:$port_dest",
 },
 proto => 'tcp',
 destinationport => "$port_orig",
-- 
cgit v1.2.3
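Review bot: The `$port_dest` selector that builds the DNAT target is written out twice with `$zone` in it, once in `munin-$name-1` and again in the rule patched by the `@@ -267` hunk, so a later edit to one copy can leave the `net` and `$FW` rules forwarding to different targets. Computing the target once at the top of the define and handing the same value to both rules keeps them in step. Appending `$zone = 'fw'` after `$order` should be safe for existing callers, since a define's parameters are passed by name. The define's closing brace lies outside both hunks.

```puppet
define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $order = '400', $zone = 'fw') {
  # Build the zone-qualified DNAT target once so both rules always agree.
  $dnat_target = $port_dest ? {
    ''      => "$zone:$destination",
    default => "$zone:$destination:$port_dest",
  }

  shorewall::rule { "munin-$name-1":
    # … unchanged: action, source …
    destination => $dnat_target,
    # … unchanged: proto, destinationport and the rest of the rule …
    # … the second rule (@@ -267 hunk) takes the same destination => $dnat_target …
```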