# Interfaces
#
shorewall::interface { 'eth0':
- zone => '-',
+ zone => 'net',
rfc1918 => $rfc1918,
}
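Review bot: The `zone => 'net'` line changes eth0 from taking its zones only from host entries (`-`) to being wholly in net, and nothing in the hunk records why. This widens what the `source => 'net'` DNAT rules later in this diff match to everything arriving on eth0, so a comment above the resource would help, for example `# whole of eth0 is the net zone; any other zone on it needs an explicit shorewall::host entry`. If `$shorewall_dmz_iface` can also resolve to eth0, the dmz host entry would become a sub-zone of net and its ordering should be checked; that cannot be seen from here.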
default => $shorewall_dmz_iface,
}
+ $shorewall_dmz_network = $shorewall_dmz_network ? {
+ '' => '192.168.1.0/24',
+ default => $shorewall_dmz_network,
+ }
+
shorewall::host { "$shorewall_dmz_iface-dmz":
- name => "$shorewall_dmz_iface:192.168.1.0/24",
+ name => "$shorewall_dmz_iface:$shorewall_dmz_network",
zone => 'dmz',
options => '',
order => '3',
}
}
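Review bot: `$shorewall_dmz_network` is placed into the host entry `name` with only the empty-string case handled, so a typo or non-CIDR value reaches the generated hosts file and surfaces, at best, when shorewall compiles the ruleset. If a single CIDR is the only intended form, a guard after the selector fails the catalog early: `if $shorewall_dmz_network !~ /^\d+\.\d+\.\d+\.\d+\/\d+$/ { fail("invalid dmz network: ${shorewall_dmz_network}") }`. The `name` line would also be clearer with braces, `"${shorewall_dmz_iface}:${shorewall_dmz_network}"`, because a colon directly after a variable name is easy to misread as a namespace separator. The enclosing class starts outside this hunk.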
-class firewall::router::http($destination) {
+class firewall::router::http($destination, $zone = 'vm') {
shorewall::rule { 'http-route-1':
action => 'DNAT',
source => 'net',
- destination => "vm:$destination:80",
+ destination => "$zone:$destination:80",
proto => 'tcp',
destinationport => '80',
ratelimit => '-',
}
}
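Review bot: The new `$zone` parameter is interpolated straight into the DNAT `destination` with no check, so any string a caller passes becomes part of the rule. A value that is not a declared zone, or one containing `:`, shifts the zone/address/port fields of a rule that accepts traffic from net. A guard at the top of the class would reject this, e.g. `if $zone !~ /^[a-zA-Z][a-zA-Z0-9_]*$/ { fail("invalid zone: ${zone}") }`, together with a one-line comment stating that `$zone` must name a zone declared elsewhere in the shorewall configuration. The same applies to `firewall::router::https` and `firewall::router::ssh` below, and `"${zone}:${destination}:80"` with braces would make the field boundaries explicit.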
-class firewall::router::https($destination) {
+class firewall::router::https($destination, $zone = 'vm') {
shorewall::rule { 'https-route-1':
action => 'DNAT',
source => 'net',
- destination => "vm:$destination:443",
+ destination => "$zone:$destination:443",
proto => 'tcp',
destinationport => '443',
ratelimit => '-',
}
}
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '') {
+define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'vm') {
shorewall::rule { "ssh-$name-1":
action => 'DNAT',
source => 'net',
destination => $port_dest ? {
- '' => "vm:$destination",
- default => "vm:$destination:$port_dest",
+ '' => "$zone:$destination",
+ default => "$zone:$destination:$port_dest",
},
proto => 'tcp',
destinationport => "$port_orig",