aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2014-06-13 09:39:38 +0200
committermh <mh@immerda.ch>2015-12-05 11:35:24 +0100
commitd3784c34e285c7bb8c16ef0f957ec4bc4b908207 (patch)
tree12b4bc7372d3dd07b5acd43d47423454d393525d
parent6c8ff8ead1c8f1c2d37956886738e3d4f7fabd93 (diff)
downloadpuppet-shorewall-d3784c34e285c7bb8c16ef0f957ec4bc4b908207.tar.gz
puppet-shorewall-d3784c34e285c7bb8c16ef0f957ec4bc4b908207.tar.bz2
there might be people who don't have a stun server
-rw-r--r--manifests/rules/jabberserver.pp22
1 files changed, 14 insertions, 8 deletions
diff --git a/manifests/rules/jabberserver.pp b/manifests/rules/jabberserver.pp
index 14666a0..0b10420 100644
--- a/manifests/rules/jabberserver.pp
+++ b/manifests/rules/jabberserver.pp
@@ -1,6 +1,8 @@
# open ports used by a jabberserver
# in and outbound.
-class shorewall::rules::jabberserver {
+class shorewall::rules::jabberserver(
+ $open_stun = true,
+) {
shorewall::rule {
'net-me-tcp_jabber':
source => 'net',
@@ -9,13 +11,6 @@ class shorewall::rules::jabberserver {
destinationport => '5222,5223,5269',
order => 240,
action => 'ACCEPT';
- 'net-me-udp_jabber_stun_server':
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '3478',
- order => 240,
- action => 'ACCEPT';
'me-net-tcp_jabber_s2s':
source => '$FW',
destination => 'net',
@@ -25,4 +20,15 @@ class shorewall::rules::jabberserver {
action => 'ACCEPT';
}
+ if $open_stun {
+ shorewall::rule {
+ 'net-me-udp_jabber_stun_server':
+ source => 'net',
+ destination => '$FW',
+ proto => 'udp',
+ destinationport => '3478',
+ order => 240,
+ action => 'ACCEPT';
+ }
+ }
}