Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/base.pp | 7 | ||||
-rw-r--r-- | manifests/blacklist.pp | 2 | ||||
-rw-r--r-- | manifests/debian.pp | 1 | ||||
-rw-r--r-- | manifests/extension_script.pp | 14 | ||||
-rw-r--r-- | manifests/host.pp | 2 | ||||
-rw-r--r-- | manifests/init.pp | 9 | ||||
-rw-r--r-- | manifests/interface.pp | 2 | ||||
-rw-r--r-- | manifests/masq.pp | 2 | ||||
-rw-r--r-- | manifests/nat.pp | 2 | ||||
-rw-r--r-- | manifests/params.pp | 2 | ||||
-rw-r--r-- | manifests/policy.pp | 2 | ||||
-rw-r--r-- | manifests/proxyarp.pp | 2 | ||||
-rw-r--r-- | manifests/rfc1918.pp | 2 | ||||
-rw-r--r-- | manifests/routestopped.pp | 2 | ||||
-rw-r--r-- | manifests/rule.pp | 2 | ||||
-rw-r--r-- | manifests/rule_section.pp | 2 | ||||
-rw-r--r-- | manifests/tcclasses.pp | 12 | ||||
-rw-r--r-- | manifests/tcdevices.pp | 11 | ||||
-rw-r--r-- | manifests/tcrules.pp | 12 | ||||
-rw-r--r-- | manifests/zone.pp | 2 |
20 files changed, 75 insertions, 17 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index e068c35..58b753e 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,6 +1,6 @@ class shorewall::base { package { 'shorewall': - ensure => present, + ensure => $shorewall_ensure_version, } # This file has to be managed in place, so shorewall can find it @@ -38,7 +38,10 @@ class shorewall::base { File["/var/lib/puppet/modules/shorewall/blacklist"], File["/var/lib/puppet/modules/shorewall/rfc1918"], File["/var/lib/puppet/modules/shorewall/routestopped"], - File["/var/lib/puppet/modules/shorewall/params"] + File["/var/lib/puppet/modules/shorewall/params"], + File["/var/lib/puppet/modules/shorewall/tcdevices"], + File["/var/lib/puppet/modules/shorewall/tcrules"], + File["/var/lib/puppet/modules/shorewall/tcclasses"], ], require => Package[shorewall], } diff --git a/manifests/blacklist.pp b/manifests/blacklist.pp index 3700ace..d2b2708 100644 --- a/manifests/blacklist.pp +++ b/manifests/blacklist.pp @@ -3,7 +3,7 @@ define shorewall::blacklist( $port = '-', $order='100' ){ - shorewall::entry{"blacklist.d/${order}-${name}": + shorewall::entry{"blacklist.d/${order}-${title}": line => "${name} ${proto} ${port}", } } diff --git a/manifests/debian.pp b/manifests/debian.pp index eab54a2..da3a398 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -3,7 +3,6 @@ class shorewall::debian inherits shorewall::base { '': { $shorewall_startup = "1" } } file{'/etc/default/shorewall': - #source => "puppet:///modules/shorewall/debian/default", content => template("shorewall/debian_default.erb"), require => Package['shorewall'], notify => Service['shorewall'], diff --git a/manifests/extension_script.pp b/manifests/extension_script.pp new file mode 100644 index 0000000..2b9579c --- /dev/null +++ b/manifests/extension_script.pp 
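Review bot: In manifests/base.pp the package now takes `ensure => $shorewall_ensure_version`, but nothing in this hunk gives that variable a default, so a node that never sets it would no longer get the previous `present`. If no default is set elsewhere (the diffstat is limited to manifests/, so this cannot be confirmed from here), fall back explicitly with `ensure => $shorewall_ensure_version ? { '' => 'present', default => $shorewall_ensure_version },`. A one-line comment above the resource naming the variable and the values it accepts would also help whoever pins the firewall package version. The class body continues outside the hunk.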
@@ -0,0 +1,14 @@ +# See http://shorewall.net/shorewall_extension_scripts.htm +define extension_script($script = '') { + case $name { + 'init', 'initdone', 'start', 'started', 'stop', 'stopped', 'clear', 'refresh', 'continue', 'maclog': { + shorewall::managed_file { "${name}": } + shorewall::entry { "${name}.d/500-${hostname}": + line => "${script}\n"; + } + } + '', default: { + err("${name}: unknown shorewall extension script") + } + } +} diff --git a/manifests/host.pp b/manifests/host.pp index b431efe..58dc53b 100644 --- a/manifests/host.pp +++ b/manifests/host.pp @@ -3,7 +3,7 @@ define shorewall::host( $options = 'tcpflags,blacklist,norfc1918', $order='100' ){ - shorewall::entry{"hosts.d/${order}-${name}": + shorewall::entry{"hosts.d/${order}-${title}": line => "${zone} ${name} ${options}" } } diff --git a/manifests/init.pp b/manifests/init.pp index e9ba464..3e759db 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -15,7 +15,7 @@ class shorewall { } default: { notice "unknown operatingsystem: $operatingsystem" - include shorewall::base + include shorewall::base } } @@ -49,4 +49,11 @@ class shorewall { shorewall::managed_file { routestopped: } # See http://www.shorewall.net/3.0/Documentation.htm#Variables shorewall::managed_file { params: } + # See http://www.shorewall.net/3.0/traffic_shaping.htm + shorewall::managed_file { tcdevices: } + # See http://www.shorewall.net/3.0/traffic_shaping.htm + shorewall::managed_file { tcrules: } + # See http://www.shorewall.net/3.0/traffic_shaping.htm + shorewall::managed_file { tcclasses: } + } diff --git a/manifests/interface.pp b/manifests/interface.pp index 1cb5042..56b6db4 100644 --- a/manifests/interface.pp +++ b/manifests/interface.pp @@ -20,7 +20,7 @@ define shorewall::interface( } } - shorewall::entry { "interfaces.d/${order}-${name}": + shorewall::entry { "interfaces.d/${order}-${title}": line => "${zone} ${name} ${broadcast} ${options_real}", } } 
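Review bot: The new define in manifests/extension_script.pp is declared as `extension_script`, without the `shorewall::` prefix that every other define in this commit carries and that the file path implies, so it will probably not autoload; `define shorewall::extension_script($script = '') {` would match the rest of the module. In the `'', default:` branch, `err()` only logs and the catalog still compiles, so a mistyped hook name silently leaves the script uninstalled on a firewall host; `fail("${name}: unknown shorewall extension script")` stops the run instead. A header comment should also state that `$script` is written verbatim into a file that shorewall executes, and that the `500-${hostname}` entry name allows only one script per hook per node.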
diff --git a/manifests/masq.pp b/manifests/masq.pp index a9c9840..646cec5 100644 --- a/manifests/masq.pp +++ b/manifests/masq.pp @@ -10,7 +10,7 @@ define shorewall::masq( $mark = '', $order='100' ){ - shorewall::entry{"masq.d/${order}-${name}": + shorewall::entry{"masq.d/${order}-${title}": line => "# ${name}\n${interface} ${source} ${address} ${proto} ${port} ${ipsec} ${mark}" } } diff --git a/manifests/nat.pp b/manifests/nat.pp index e69c1c0..d2f214f 100644 --- a/manifests/nat.pp +++ b/manifests/nat.pp @@ -5,7 +5,7 @@ define shorewall::nat( $local = 'yes', $order='100' ){ - shorewall::entry{"nat.d/${order}-${name}": + shorewall::entry{"nat.d/${order}-${title}": line => "${name} ${interface} ${internal} ${all} ${local}" } } diff --git a/manifests/params.pp b/manifests/params.pp index 0a1ae11..33521d7 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,5 +1,5 @@ define shorewall::params($value, $order='100'){ - shorewall::entry{"params.d/${order}-${name}": + shorewall::entry{"params.d/${order}-${title}": line => "${name}=${value}", } } diff --git a/manifests/policy.pp b/manifests/policy.pp index cdaab71..aab6f7a 100644 --- a/manifests/policy.pp +++ b/manifests/policy.pp @@ -5,7 +5,7 @@ define shorewall::policy( $limitburst = '-', $order ){ - shorewall::entry{"policy.d/${order}-${name}": + shorewall::entry{"policy.d/${order}-${title}": line => "# ${name}\n${sourcezone} ${destinationzone} ${policy} ${shloglevel} ${limitburst}", } } diff --git a/manifests/proxyarp.pp b/manifests/proxyarp.pp index 75c853b..07b6434 100644 --- a/manifests/proxyarp.pp +++ b/manifests/proxyarp.pp @@ -5,7 +5,7 @@ define shorewall::proxyarp( $persistent = no, $order='100' ){ - shorewall::entry{"proxyarp.d/${order}-${name}": + shorewall::entry{"proxyarp.d/${order}-${title}": line => "# ${name}\n${name} ${interface} ${external} ${haveroute} ${persistent}" } } diff --git a/manifests/rfc1918.pp b/manifests/rfc1918.pp index 6c2719c..527c8d0 100644 --- a/manifests/rfc1918.pp 
+++ b/manifests/rfc1918.pp @@ -2,7 +2,7 @@ define shorewall::rfc1918( $action = 'logdrop', $order='100' ){ - shorewall::entry{"rfc1918.d/${order}-${name}": + shorewall::entry{"rfc1918.d/${order}-${title}": line => "${name} ${action}" } } diff --git a/manifests/routestopped.pp b/manifests/routestopped.pp index dab539c..63dc1c4 100644 --- a/manifests/routestopped.pp +++ b/manifests/routestopped.pp @@ -8,7 +8,7 @@ define shorewall::routestopped( '' => $name, default => $interface, } - shorewall::entry{"routestopped.d/${order}-${name}": + shorewall::entry{"routestopped.d/${order}-${title}": line => "${real_interface} ${host} ${options}", } } diff --git a/manifests/rule.pp b/manifests/rule.pp index 8394970..d2188df 100644 --- a/manifests/rule.pp +++ b/manifests/rule.pp @@ -13,7 +13,7 @@ define shorewall::rule( $mark = '', $order ){ - shorewall::entry{"rules.d/${order}-${name}": + shorewall::entry{"rules.d/${order}-${title}": ensure => $ensure, line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}", } diff --git a/manifests/rule_section.pp b/manifests/rule_section.pp index a885eae..2163dd5 100644 --- a/manifests/rule_section.pp +++ b/manifests/rule_section.pp @@ -1,7 +1,7 @@ define shorewall::rule_section( $order ){ - shorewall::entry{"rules.d/${order}-${name}": + shorewall::entry{"rules.d/${order}-${title}": line => "SECTION ${name}", } } diff --git a/manifests/tcclasses.pp b/manifests/tcclasses.pp new file mode 100644 index 0000000..2126bb7 --- /dev/null +++ b/manifests/tcclasses.pp @@ -0,0 +1,12 @@ +define shorewall::tcclasses( + $interface, + $rate, + $ceil, + $priority, + $options = '', + $order = '1' +){ + shorewall::entry { "tcclasses.d/${order}-${title}": + line => "# ${name}\n${interface} ${order} ${rate} ${ceil} ${priority} ${options}", + } +} diff --git a/manifests/tcdevices.pp b/manifests/tcdevices.pp new file mode 100644 index 0000000..54c9665 --- /dev/null 
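Review bot: In manifests/tcclasses.pp `${order}` is used twice: as the sort prefix of the entry name and as the second column of the generated line, which, as far as I know, is the MARK column in shorewall's tcclasses file. With the default `$order = '1'`, two classes on the same interface that omit `order` would get the same mark, and renumbering an entry to reposition it would also change how traffic is classified. manifests/tcrules.pp does the same with the first column of its line. At minimum document the coupling above the define, e.g. `# NOTE: $order is also written as the MARK column; keep it unique per interface`, or introduce a separate mark parameter.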
+++ b/manifests/tcdevices.pp @@ -0,0 +1,11 @@ +define shorewall::tcdevices( + $in_bandwidth, + $out_bandwidth, + $options = '', + $redirected_interfaces = '', + $order = '100' +){ + shorewall::entry { "tcdevices.d/${order}-${title}": + line => "${name} ${in_bandwidth} ${out_bandwidth} ${options} ${redirected_interfaces}", + } +} diff --git a/manifests/tcrules.pp b/manifests/tcrules.pp new file mode 100644 index 0000000..a888d20 --- /dev/null +++ b/manifests/tcrules.pp @@ -0,0 +1,12 @@ +define shorewall::tcrules( + $source, + $destination, + $protocol = 'all', + $ports, + $client_ports = '', + $order = '1' +){ + shorewall::entry { "tcrules.d/${order}-${title}": + line => "# ${name}\n${order} ${source} ${destination} ${protocol} ${ports} ${client_ports}", + } +} diff --git a/manifests/zone.pp b/manifests/zone.pp index fa83b0b..aeab972 100644 --- a/manifests/zone.pp +++ b/manifests/zone.pp @@ -7,7 +7,7 @@ define shorewall::zone( $order = 100 ){ $real_name = $parent ? { '-' => $name, default => "${name}:${parent}" } - shorewall::entry { "zones.d/${order}-${name}": + shorewall::entry { "zones.d/${order}-${title}": line => "${real_name} ${type} ${options} ${in} ${out}" } } |
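Review bot: In manifests/tcdevices.pp `$options` defaults to `''` but is written before `${redirected_interfaces}` in the generated line, so a caller who sets only `redirected_interfaces` gets that value in the options column, since the columns are separated by whitespace alone. Other defines in this module use `-` as the empty-column placeholder (for example `$port = '-'` in blacklist.pp); `$options = '-',` would keep the columns aligned. The define has no header comment, and one naming the column each parameter maps to would make this kind of shift easier to spot.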