From d3784c34e285c7bb8c16ef0f957ec4bc4b908207 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Fri, 13 Jun 2014 09:39:38 +0200
Subject: there might be people who don't have a stun server

---
 manifests/rules/jabberserver.pp | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

(limited to 'manifests')

diff --git a/manifests/rules/jabberserver.pp b/manifests/rules/jabberserver.pp
index 14666a0..0b10420 100644
--- a/manifests/rules/jabberserver.pp
+++ b/manifests/rules/jabberserver.pp
@@ -1,6 +1,8 @@
 # open ports used by a jabberserver
 # in and outbound.
-class shorewall::rules::jabberserver {
+class shorewall::rules::jabberserver(
+  $open_stun = true,
+) {
   shorewall::rule {
     'net-me-tcp_jabber':
             source          => 'net',
@@ -9,13 +11,6 @@ class shorewall::rules::jabberserver {
             destinationport => '5222,5223,5269',
             order           => 240,
             action          => 'ACCEPT';
-    'net-me-udp_jabber_stun_server':
-            source          => 'net',
-            destination     => '$FW',
-            proto           => 'udp',
-            destinationport => '3478',
-            order           => 240,
-            action          => 'ACCEPT';
     'me-net-tcp_jabber_s2s':
             source          => '$FW',
             destination     => 'net',
@@ -25,4 +20,15 @@ class shorewall::rules::jabberserver {
             action          => 'ACCEPT';
   }
 
+  if $open_stun {
+    shorewall::rule {
+      'net-me-udp_jabber_stun_server':
+            source          => 'net',
+            destination     => '$FW',
+            proto           => 'udp',
+            destinationport => '3478',
+            order           => 240,
+            action          => 'ACCEPT';
+    }
+  }
 }
-- 
cgit v1.2.3