Adding firewall::local
authorSilvio Rhatto <rhatto@riseup.net>
Thu, 11 Aug 2011 18:28:56 +0000 (15:28 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Thu, 11 Aug 2011 18:28:56 +0000 (15:28 -0300)
manifests/init.pp
manifests/subsystems/firewall.pp
manifests/subsystems/firewall/local.pp [new file with mode: 0644]

index f4b7d36234d7526b24ce054a5cc5d05d6055a6a5..129b118d5ef2aa55940a43db2ce084f64a4fb454 100644 (file)
@@ -82,6 +82,7 @@ import "subsystems/firewall/vserver.pp"
 import "subsystems/firewall/torrent.pp"
 import "subsystems/firewall/ups.pp"
 import "subsystems/firewall/wifi.pp"
+import "subsystems/firewall/local.pp"
 
 # Import nodo classes
 import "nodo.pp"
index 0e25e056cd0157c6b0e243307ba9b67247f03f22..841757ad1ff7e2eb2abaa9b9f54f6d54675b2ea3 100644 (file)
@@ -199,51 +199,12 @@ class firewall {
     options   => "default",
   }
 
-  #
-  # DMZ Configuration
-  #
   if $shorewall_local_net {
-    $shorewall_local_net_iface = $shorewall_local_net_iface ? {
-      ''      => 'eth0',
-        default => $shorewall_local_net_iface,
-    }
-
-    $shorewall_local_net_network = $shorewall_local_net_network ? {
-      ''      => '192.168.1.0/24',
-      default => $shorewall_local_net_network,
-    }
-
-    shorewall::host { "$shorewall_local_net_iface-loc":
-      name    =>  "$shorewall_local_net_iface:$shorewall_local_net_network",
-      zone    => 'loc',
-      options => '',
-      order   => '3',
-    }
-  
-    shorewall::policy { 'loc-all':
-      sourcezone      => 'loc',
-      destinationzone => 'all',
-      policy          => 'ACCEPT',
-      order           => '5',
-    }
-  
-    shorewall::policy { 'vm-loc':
-      sourcezone      => 'vm',
-      destinationzone => 'loc',
-      policy          => 'ACCEPT',
-      order           => '6',
-    }
-  
-    shorewall::policy { 'fw-loc':
-      sourcezone      => '$FW',
-      destinationzone => 'loc',
-      policy          => 'ACCEPT',
-      order           => '7',
-    }
-  
-    shorewall::zone { 'loc':
-      type  => 'ipv4',
-      order => '4',
+    class { 'firewall::local':
+      network          => $shorewall_local_net_network,
+      interface        => $shorewall_local_net_iface,
+      manage_host      => $shorewall_local_net_manage_host,
+      manage_interface => $shorewall_local_net_manage_iface,
     }
   }
 }
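Review bot: The call on the new lines passes the raw globals straight into `firewall::local`, so when `$shorewall_local_net_network` or `$shorewall_local_net_iface` is unset the class receives an empty value (empty string or undef, depending on the Puppet release) instead of the `192.168.1.0/24` and `eth0` fallbacks the removed `''`-to-default selectors used to provide. The same applies to `manage_host => $shorewall_local_net_manage_host`: the class defaults it to true, but an undefined global is likely to evaluate false at the call site, so the `loc` host entry may silently stop being created even though the policies granting `loc` `ACCEPT` to `all` are still emitted. Because an empty network would yield a host spec of `eth0:` on a fully trusted zone, this fails open rather than closed. Either keep selectors such as `network => $shorewall_local_net_network ? { '' => '192.168.1.0/24', default => $shorewall_local_net_network }` at the call site, or normalise inside the class. The enclosing `class firewall` begins outside this hunk.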
diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp
new file mode 100644 (file)
index 0000000..71c21cd
--- /dev/null
@@ -0,0 +1,46 @@
+class firewall::local($network = '192.168.1.0/24', $interface = 'eth0', $manage_host = true, $manage_interface = false) {
+
+  if $manage_host {
+    shorewall::host { "$interface-loc":
+      name    =>  "$interface:$network",
+      zone    => 'loc',
+      options => '',
+      order   => '3',
+    }
+  }
+
+  if $manage_interface {
+    shorewall::interface { $interface:
+      zone    => 'loc',
+      rfc1918 => true,
+      dhcp    => true,
+      options => 'routeback',
+    }
+  }
+
+  shorewall::policy { 'loc-all':
+    sourcezone      => 'loc',
+    destinationzone => 'all',
+    policy          => 'ACCEPT',
+    order           => '5',
+  }
+
+  shorewall::policy { 'vm-loc':
+    sourcezone      => 'vm',
+    destinationzone => 'loc',
+    policy          => 'ACCEPT',
+    order           => '6',
+  }
+
+  shorewall::policy { 'fw-loc':
+    sourcezone      => '$FW',
+    destinationzone => 'loc',
+    policy          => 'ACCEPT',
+    order           => '7',
+  }
+
+  shorewall::zone { 'loc':
+    type  => 'ipv4',
+    order => '4',
+  }
+}
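Review bot: `firewall::local` declares defaults for `$network` and `$interface` but interpolates the raw parameters at `"$interface:$network"` and `shorewall::interface { $interface:`, so a caller that passes an empty string (for example an unset global) produces a host entry like `eth0:`, and since the `loc-all` policy grants the zone `ACCEPT` to `all`, a malformed or over-broad host spec widens what is trusted instead of failing closed. I would normalise at the top of the class, e.g. `$net = $network ? { '' => '192.168.1.0/24', default => $network }` and likewise `$iface = $interface ? { '' => 'eth0', default => $interface }`, and use those in the host, interface and resource titles. A header comment should also state the trust assumption, e.g. `# Everything reachable via $interface:$network is fully trusted: loc may reach all zones and the firewall itself.` Finally, when both `$manage_host` and `$manage_interface` are false the `loc` zone is still declared with no hosts or interfaces attached, which Shorewall will presumably reject at compile time; a guard or at least a comment on that combination would help the next maintainer.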