New hiera parameter firewall::external_ip

diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index e06e6fe04b8f5b97e1bf6524537141426f4170a5..30f2c527980338c96573c1aba17adcb506958d63 100644 (file)
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
@@ -15,7 +15,7 @@ class firewall::vserver::http($destination, $zone = 'vm') {
     destination     => "fw:$destination:80",
     proto           => 'tcp',
     destinationport => '80',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 601,
   }
@@ -38,7 +38,7 @@ class firewall::vserver::https($destination, $zone = 'vm') {
     destination     => "fw:$destination:443",
     proto           => 'tcp',
     destinationport => '443',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
     order           => 602,
   }
@@ -71,7 +71,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
     destination     => "$zone:$destination:$puppetmaster_port",
     proto           => 'tcp',
     destinationport => "$puppetmaster_port",
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
     order           => 702,
   }
@@ -82,7 +82,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
     destination     => "$zone:$destination:$puppetmaster_port",
     proto           => 'udp',
     destinationport => "$puppetmaster_port",
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
     order           => 703,
   }
@@ -113,7 +113,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
     destination     => "$zone:$destination:$puppetmaster_nonssl_port",
     proto           => 'tcp',
     destinationport => "$puppetmaster_nonssl_port",
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 706,
   }
@@ -124,7 +124,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
     destination     => "$zone:$destination:$puppetmaster_nonssl_port",
     proto           => 'udp',
     destinationport => "$puppetmaster_nonssl_port",
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 707,
   }
@@ -147,7 +147,7 @@ class firewall::vserver::gitd($destination, $zone = 'fw') {
     destination     => "$zone:$destination:9418",
     proto           => 'tcp',
     destinationport => '9418',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 801,
   }
@@ -170,7 +170,7 @@ class firewall::vserver::icecast($destination, $zone = 'fw') {
     destination     => "$zone:$destination:8000",
     proto           => 'tcp',
     destinationport => '8000',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 901,
   }
@@ -193,7 +193,7 @@ class firewall::vserver::mail($destination, $zone = 'fw') {
     destination     => "$zone:$destination:25",
     proto           => 'tcp',
     destinationport => '25',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 1001,
   }
@@ -214,7 +214,7 @@ class firewall::vserver::mail($destination, $zone = 'fw') {
     destination     => "$zone:$destination:993",
     proto           => 'tcp',
     destinationport => '993',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
     order           => 1003,
   }
@@ -235,7 +235,7 @@ class firewall::vserver::mail($destination, $zone = 'fw') {
     destination     => "$zone:$destination:587",
     proto           => 'tcp',
     destinationport => '587',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
     order           => 1005,
   }
@@ -264,7 +264,7 @@ define firewall::vserver::ssh($destination, $port_orig = '22', $port_dest = '',
     },
     proto           => 'tcp',
     destinationport => "$port_orig",
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => "2$port_orig",
   }
@@ -293,7 +293,7 @@ define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $orde
     },
     proto           => 'tcp',
     destinationport => "$port_orig",
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => $order,
   }
@@ -326,7 +326,7 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
     destination     => "fw:$destination:53",
     proto           => 'tcp',
     destinationport => '53',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 2002,
   }
@@ -347,7 +347,7 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
     destination     => "fw:$destination:53",
     proto           => 'udp',
     destinationport => '53',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 2004,
   }
@@ -370,7 +370,7 @@ class firewall::vserver::tor($destination, $zone = 'fw') {
     destination     => "$zone:$destination:9001",
     proto           => 'tcp',
     destinationport => '9001',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 2101,
   }
@@ -391,7 +391,7 @@ class firewall::vserver::tor($destination, $zone = 'fw') {
     destination     => "$zone:$destination:9030",
     proto           => 'tcp',
     destinationport => '9030',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 2103,
   }
@@ -414,7 +414,7 @@ class firewall::vserver::jabber($destination, $zone = 'fw') {
     destination     => "$zone:$destination:5223",
     proto           => 'tcp',
     destinationport => '5223',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 2201,
   }
@@ -435,7 +435,7 @@ class firewall::vserver::jabber($destination, $zone = 'fw') {
     destination     => "$zone:$destination:4369",
     proto           => 'tcp',
     destinationport => '4369',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 2203,
   }
@@ -446,7 +446,7 @@ class firewall::vserver::jabber($destination, $zone = 'fw') {
     destination     => "$zone:$destination:4370",
     proto           => 'tcp',
     destinationport => '4370:4375',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 2204,
   }
@@ -469,7 +469,7 @@ class firewall::vserver::mumble($destination, $zone = 'fw') {
     destination     => "$zone:$destination:64738",
     proto           => 'udp',
     destinationport => '64738',
-    originaldest    => "$ipaddress",
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 2301,
   }