aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2013-01-01 16:22:55 +0100
committermh <mh@immerda.ch>2013-01-01 16:22:55 +0100
commitbcded0b6e2ed96e1f44058ba7e70a404a83c2c71 (patch)
treedee4839057caddc08b1a009e54ca48901ffa5caa
parentb2499eb83c6a55ecebc92e9150cd383eac423fc2 (diff)
downloadpuppet-shorewall-bcded0b6e2ed96e1f44058ba7e70a404a83c2c71.tar.gz
puppet-shorewall-bcded0b6e2ed96e1f44058ba7e70a404a83c2c71.tar.bz2
make it possible to exent nets for ipsec
-rw-r--r--manifests/rules/ipsec.pp12
1 files changed, 7 insertions, 5 deletions
diff --git a/manifests/rules/ipsec.pp b/manifests/rules/ipsec.pp
index 3e9db55..82adff0 100644
--- a/manifests/rules/ipsec.pp
+++ b/manifests/rules/ipsec.pp
@@ -1,7 +1,9 @@
-class shorewall::rules::ipsec {
+class shorewall::rules::ipsec(
+ $source = 'net'
+) {
shorewall::rule {
'net-me-ipsec-udp':
- source => 'net',
+ source => $shorewall::rules::ipsec::source,
destination => '$FW',
proto => 'udp',
destinationport => '500',
@@ -9,20 +11,20 @@ class shorewall::rules::ipsec {
action => 'ACCEPT';
'me-net-ipsec-udp':
source => '$FW',
- destination => 'net',
+ destination => $shorewall::rules::ipsec::source,
proto => 'udp',
destinationport => '500',
order => 240,
action => 'ACCEPT';
'net-me-ipsec':
- source => 'net',
+ source => $shorewall::rules::ipsec::source,
destination => '$FW',
proto => 'esp',
order => 240,
action => 'ACCEPT';
'me-net-ipsec':
source => '$FW',
- destination => 'net',
+ destination => $shorewall::rules::ipsec::source,
proto => 'esp',
order => 240,
action => 'ACCEPT';