path: root/manifests/subsystems/firewall/local.pp
blob: 7e23e290a7eda64fc5f2d5f9653775296a6d15fd (plain)
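# Class: firewall::local
#
# Declares the Shorewall 'loc' zone for the local network, optionally binds
# an interface/network pair to it, and sets the default policies for
# traffic entering and leaving that zone.
#
# Parameters (each one is looked up in hiera first; the literal is only the
# fallback):
#   $network          - network placed in 'loc', in CIDR notation.
#   $interface        - interface the local network is reached through.
#   $manage_host      - when true, declare a shorewall::host entry that maps
#                       "<interface>:<network>" to 'loc'.
#   $manage_interface - when true, declare the shorewall::interface entry
#                       for $interface in 'loc'.
#
# Security notes:
#   - 'loc-all' makes ACCEPT the default for anything from 'loc' to any
#     zone that no more specific rule matches. Every host in $network is
#     therefore trusted by default; restrict with explicit rules or a
#     tighter policy if the local segment is not fully trusted.
#   - The fallback values ('192.168.1.0/24', 'eth0') are guesses about the
#     node. Set the hiera keys explicitly so the trusted zone is not bound
#     to the wrong network or interface.
#   - The 'vm' zone is referenced but not declared here; presumably another
#     class declares it -- confirm before including this class on its own.
class firewall::local(
  $network          = hiera('nodo::firewall::local::network',      '192.168.1.0/24'),
  $interface        = hiera('nodo::firewall::local::interface',    'eth0'),
  # Puppet's boolean literals are lowercase; a capitalised bareword is not
  # the boolean keyword and is only truthy by accident.
  $manage_host      = hiera('nodo::firewall::local::manage_host',  true),
  $manage_interface = hiera('nodo::firewall::local::manage_iface', false)
) {

  shorewall::zone { 'loc':
    type  => 'ipv4',
    order => 4,
  }

  if $manage_host {
    # Braces delimit the variable name explicitly, so the '-loc' suffix can
    # never be read as part of the variable name.
    shorewall::host { "${interface}-loc":
      name    => "${interface}:${network}",
      zone    => 'loc',
      options => '',
      order   => 3,
    }
  }

  if $manage_interface {
    # rfc1918, dhcp and the 'routeback' option are handed to the
    # shorewall::interface define; what they do is defined there.
    shorewall::interface { $interface:
      zone    => 'loc',
      rfc1918 => true,
      dhcp    => true,
      options => 'routeback',
    }
  }

  # Default policy: local network -> every zone is accepted.
  shorewall::policy { 'loc-all':
    sourcezone      => 'loc',
    destinationzone => 'all',
    policy          => 'ACCEPT',
    order           => 5,
  }

  # Default policy: 'vm' zone -> local network is accepted.
  shorewall::policy { 'vm-loc':
    sourcezone      => 'vm',
    destinationzone => 'loc',
    policy          => 'ACCEPT',
    order           => 6,
  }

  # Default policy: the firewall host itself -> local network is accepted.
  # '$FW' is single-quoted on purpose: it is Shorewall's own name for the
  # firewall zone and must reach the generated config literally, without
  # Puppet interpolation.
  shorewall::policy { 'fw-loc':
    sourcezone      => '$FW',
    destinationzone => 'loc',
    policy          => 'ACCEPT',
    order           => 7,
  }

}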