Allow non-standard torrent ports
authorSilvio Rhatto <rhatto@riseup.net>
Wed, 1 Jan 2014 17:37:34 +0000 (15:37 -0200)
committerSilvio Rhatto <rhatto@riseup.net>
Wed, 1 Jan 2014 17:37:34 +0000 (15:37 -0200)
manifests/router.pp
manifests/torrent.pp

index e4b5795785844f49d07baa48170cc2a9681078a6..7e0e13dd98b4e7438ad0026e5857f36faa3b17a7 100644 (file)
@@ -347,13 +347,18 @@ define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone
   }
 }
 
-class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ipaddress) {
+class firewall::router::torrent(
+  $destination,
+  $zone         = 'loc',
+  $originaldest = $ipaddress,
+  $range        = hiera('firewall::router::torrent::range', '6881:6999')
+) {
   shorewall::rule { "torrent-tcp-1":
     action          => 'DNAT',
     source          => 'net',
     destination     => "$zone:$destination",
     proto           => 'tcp',
-    destinationport => "6881:6999",
+    destinationport => "$range",
     ratelimit       => '-',
     order           => 200,
   }
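Review bot: `$range` reaches `destinationport` of the `torrent-tcp-1` DNAT rule unchecked, so an empty or mistyped value under the `firewall::router::torrent::range` Hiera key ends up verbatim in a rule that forwards traffic from `net` to the internal host. A format check at the top of the class body would fail the catalog compile instead, for example `validate_re($range, '^\d+(:\d+)?(,\d+(:\d+)?)*$')`, assuming puppetlabs-stdlib is available to this module (not visible in the diff). A format check does not limit how wide the range is, so the Hiera value still deserves the same review as a hand-written rule. The same applies to the two later hunks in this file and to both rules in manifests/torrent.pp.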
@@ -363,7 +368,7 @@ class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ip
     source          => 'all',
     destination     => "$zone:$destination",
     proto           => 'tcp',
-    destinationport => "6881:6999",
+    destinationport => "$range",
     originaldest    => "$originaldest",
     ratelimit       => '-',
     order           => 200,
@@ -374,7 +379,7 @@ class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ip
     source          => 'net',
     destination     => "$zone:$destination",
     proto           => 'udp',
-    destinationport => "6881:6999",
+    destinationport => "$range",
     ratelimit       => '-',
     order           => 201,
   }
index 2dc84519dc1e31ad61f6dab0ea78c25aa8bcff0a..e7eb02a29ed2593875005c30a1ab012bbc8bd25e 100644 (file)
@@ -1,10 +1,12 @@
-class firewall::torrent {
+class firewall::torrent(
+  $range = hiera('firewall::torrent::range', '6881:6999')
+) {
   shorewall::rule { "torrent-tcp":
     action          => 'ACCEPT',
     source          => 'net',
     destination     => '$FW',
     proto           => 'tcp',
-    destinationport => "6881:6999",
+    destinationport => "$range",
     ratelimit       => '-',
     order           => 200,
   }
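Review bot: The new `$range` parameter is undocumented, and nothing says it is resolved independently of the router class. `firewall::torrent::range` here and `firewall::router::torrent::range` in manifests/router.pp are separate lookups, so overriding one leaves the other at `6881:6999`. A header comment above the class would make this explicit, e.g. `# $range: destination port or low:high range accepted on $FW from net; looked up separately from firewall::router::torrent::range`.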
@@ -14,7 +16,7 @@ class firewall::torrent {
     source          => 'net',
     destination     => '$FW',
     proto           => 'udp',
-    destinationport => "6881:6999",
+    destinationport => "$range",
     ratelimit       => '-',
     order           => 201,
   }