+++ /dev/null
-class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
- $puppetmaster_nonssl_port = '8141', $zone = 'loc',
- $originaldest = $ipaddress) {
- shorewall::rule { 'puppetmaster-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_port",
- ratelimit => '-',
- order => 700,
- }
-
- shorewall::rule { 'puppetmaster-2':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'udp',
- destinationport => "$puppetmaster_port",
- ratelimit => '-',
- order => 701,
- }
-
- shorewall::rule { 'puppetmaster-3':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_port",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 702,
- }
-
- shorewall::rule { 'puppetmaster-4':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'udp',
- destinationport => "$puppetmaster_port",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 703,
- }
-
- shorewall::rule { 'puppetmaster-5':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_nonssl_port",
- ratelimit => '-',
- order => 704,
- }
-
- shorewall::rule { 'puppetmaster-6':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'udp',
- destinationport => "$puppetmaster_nonssl_port",
- ratelimit => '-',
- order => 705,
- }
-
- shorewall::rule { 'puppetmaster-7':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 706,
- }
-
- shorewall::rule { 'puppetmaster-8':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'udp',
- destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 707,
- }
-}
+++ /dev/null
-class firewall::virtual::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141', $zone = 'fw') {
- shorewall::rule { 'puppetmaster-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_port",
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 700,
- }
-
- shorewall::rule { 'puppetmaster-2':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'udp',
- destinationport => "$puppetmaster_port",
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 701,
- }
-
- shorewall::rule { 'puppetmaster-3':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_port",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 702,
- }
-
- shorewall::rule { 'puppetmaster-4':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'udp',
- destinationport => "$puppetmaster_port",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => hiera("firewall::ssl_ratelimit", '-'),
- order => 703,
- }
-
- shorewall::rule { 'puppetmaster-5':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_nonssl_port",
- ratelimit => '-',
- order => 704,
- }
-
- shorewall::rule { 'puppetmaster-6':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'udp',
- destinationport => "$puppetmaster_nonssl_port",
- ratelimit => '-',
- order => 705,
- }
-
- shorewall::rule { 'puppetmaster-7':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_nonssl_port",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 706,
- }
-
- shorewall::rule { 'puppetmaster-8':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'udp',
- destinationport => "$puppetmaster_nonssl_port",
- originaldest => hiera('firewall::external_ip', $::ipaddress),
- ratelimit => '-',
- order => 707,
- }
-}
projects / puppet-firewall.git / commitdiff