Make traffic shaping optional
authorSilvio Rhatto <rhatto@riseup.net>
Sat, 5 Mar 2016 14:52:31 +0000 (11:52 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Sat, 5 Mar 2016 14:52:31 +0000 (11:52 -0300)
manifests/init.pp
manifests/shaping.pp [new file with mode: 0644]

index b6a57c24c07ec683e0fe2a4eb0981ddd0ab5f28c..48c9df384487fa2fc4897de7de650af28988a6b9 100644 (file)
@@ -3,8 +3,6 @@ class firewall(
   $device          = hiera('firewall::device',         'eth0'),
   $zone            = hiera('firewall::zone',           '-'),
   $local_net       = hiera('firewall::local_net',      false),
-  $in_bandwidth    = hiera('firewall::in_bandwidth',   '1000mbps'),
-  $out_bandwidth   = hiera('firewall::out_bandwidth',  '1000mbps'),
   $device_options  = hiera('firewall::device_options', 'tcpflags,blacklist,routefilter,nosmurfs,logmartians'),
   $vm_address      = hiera('firewall::vm_address',     '192.168.0.0/24'),
   $vm_device       = hiera('firewall::vm_device',      false)
@@ -67,7 +65,6 @@ class firewall(
     }
   }
 
-
   shorewall::policy { 'net-all':
     sourcezone      => 'net',
     destinationzone => 'all',
@@ -195,47 +192,6 @@ class firewall(
     order => 4,
   }
 
-  #
-  # Traffic shapping
-  #
-  shorewall::tcdevices { "${device}":
-    in_bandwidth  => "$in_bandwidth",
-    out_bandwidth => "$out_bandwidth",
-  }
-
-  shorewall::tcrules { "ssh-tcp":
-    order       => "1",
-    source      => "0.0.0.0/0",
-    destination => "0.0.0.0/0",
-    protocol    => "tcp",
-    ports       => "22",
-  }
-
-  shorewall::tcrules { "ssh-udp":
-    order       => "1",
-    source      => "0.0.0.0/0",
-    destination => "0.0.0.0/0",
-    protocol    => "udp",
-    ports       => "22",
-  }
-
-  shorewall::tcclasses { "ssh":
-    order     => "1",
-    interface => "${device}",
-    rate      => "4*full/100",
-    ceil      => "full",
-    priority  => "1",
-  }
-
-  shorewall::tcclasses { "default":
-    order     => "2",
-    interface => "${device}",
-    rate      => "6*full/100",
-    ceil      => "full",
-    priority  => "2",
-    options   => "default",
-  }
-
   if $local_net == true {
     class { "firewall::local": }
   }
diff --git a/manifests/shaping.pp b/manifests/shaping.pp
new file mode 100644 (file)
index 0000000..63bd464
--- /dev/null
@@ -0,0 +1,46 @@
+class firewall::shaping(
+  $device         = hiera('firewall::device',         'eth0'),
+  $in_bandwidth   = hiera('firewall::in_bandwidth',   '1000mbps'),
+  $out_bandwidth  = hiera('firewall::out_bandwidth',  '1000mbps')
+) {
+  #
+  # Traffic shaping
+  #
+  shorewall::tcdevices { "${device}":
+    in_bandwidth  => "$in_bandwidth",
+    out_bandwidth => "$out_bandwidth",
+  }
+
+  shorewall::tcrules { "ssh-tcp":
+    order       => "1",
+    source      => "0.0.0.0/0",
+    destination => "0.0.0.0/0",
+    protocol    => "tcp",
+    ports       => "22",
+  }
+
+  shorewall::tcrules { "ssh-udp":
+    order       => "1",
+    source      => "0.0.0.0/0",
+    destination => "0.0.0.0/0",
+    protocol    => "udp",
+    ports       => "22",
+  }
+
+  shorewall::tcclasses { "ssh":
+    order     => "1",
+    interface => "${device}",
+    rate      => "4*full/100",
+    ceil      => "full",
+    priority  => "1",
+  }
+
+  shorewall::tcclasses { "default":
+    order     => "2",
+    interface => "${device}",
+    rate      => "6*full/100",
+    ceil      => "full",
+    priority  => "2",
+    options   => "default",
+  }
+}
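Review bot: `firewall::shaping` declares its own `$device` with a separate `hiera('firewall::device', 'eth0')` default rather than taking the interface from the `firewall` class, so the two values can diverge. A node that sets the interface through a resource-style declaration such as `class { 'firewall': device => 'eth1' }`, without the Hiera key, would still get its `shorewall::tcdevices` and `shorewall::tcclasses` entries on `eth0`. If this class is always evaluated after `firewall`, defaulting to `$device = $firewall::device` would keep them in step; otherwise the constraint should be documented at the top of the class, for example `# Optional traffic shaping; include explicitly. $device must name the same interface as firewall::device.` The same comment is a good place to record that nodes which previously got the SSH priority class from `firewall` no longer do unless they include `firewall::shaping`, since nothing in the visible hunks includes it by default.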