diff options
author | mh <mh@immerda.ch> | 2011-11-05 14:50:26 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2011-11-05 14:50:26 +0100 |
commit | 052f749adb3b488388cba57f65f74852621ac1fa (patch) | |
tree | af9614fd4868e4c9f19fbfd8d5d72bd514f23680 | |
parent | 8f033c40a6ff210ce295db2bde025d739f8c3053 (diff) | |
download | puppet-shorewall-052f749adb3b488388cba57f65f74852621ac1fa.tar.gz puppet-shorewall-052f749adb3b488388cba57f65f74852621ac1fa.tar.bz2 |
allow ssh_in source to be selected by hiera, better naming for the same option for munin
-rw-r--r-- | manifests/rules/munin.pp | 4 | ||||
-rw-r--r-- | manifests/rules/ssh.pp | 10 |
2 files changed, 8 insertions, 6 deletions
diff --git a/manifests/rules/munin.pp b/manifests/rules/munin.pp index 17f0961..26cebfe 100644 --- a/manifests/rules/munin.pp +++ b/manifests/rules/munin.pp @@ -1,12 +1,12 @@ class shorewall::rules::munin( $munin_port = hiera('munin_port','4949'), $munin_collector = hiera('munin_collector','127.0.0.1'), - $collector_interface_source = hiera('munin_collector_interface_source','net') + $collector_source = hiera('shorewall_munin_in_collector_source','net') ){ shorewall::params { 'MUNINPORT': value => $munin_port } shorewall::params { 'MUNINCOLLECTOR': value => $munin_collector } shorewall::rule{'net-me-munin-tcp': - source => "${collector_interface_source}:\$MUNINCOLLECTOR", + source => "${collector_source}:\$MUNINCOLLECTOR", destination => '$FW', proto => 'tcp', destinationport => '$MUNINPORT', diff --git a/manifests/rules/ssh.pp b/manifests/rules/ssh.pp index 0eebcb4..3b7efa2 100644 --- a/manifests/rules/ssh.pp +++ b/manifests/rules/ssh.pp @@ -1,10 +1,12 @@ -class shorewall::rules::ssh($ports) { - $flatted_ports = join($ports,',') +class shorewall::rules::ssh( + $ports, + $source = hiera('shorewall_ssh_in_source','net') +) { shorewall::rule { 'net-me-tcp_ssh': - source => 'net', + source => $shorewall::rules::ssh::source, destination => '$FW', proto => 'tcp', - destinationport => $flatted_ports, + destinationport => join($shorewall::rules::ssh::ports,','), order => 240, action => 'ACCEPT'; } |