Enhancing firewall::openvpn rules
authorSilvio Rhatto <rhatto@riseup.net>
Wed, 14 Sep 2011 02:01:28 +0000 (23:01 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Wed, 14 Sep 2011 02:01:28 +0000 (23:01 -0300)
manifests/subsystems/firewall/openvpn.pp

index 51b31fe2f570625ed0eb337751d508a02a3952a2..f5e8c9432fe849b9795e0f4d4c7e430c232b0198 100644 (file)
@@ -12,18 +12,25 @@ class firewall::openvpn {
     sourcezone      => 'loc',
     destinationzone => 'vpn', 
     policy          => 'ACCEPT',
-    order           => '1',
+    order           => '20',
   }
 
   shorewall::policy { 'vpn-loc':
     sourcezone      => 'vpn',
     destinationzone => 'loc', 
     policy          => 'ACCEPT',
-    order           => '1',
+    order           => '21',
+  }
+
+  shorewall::policy { 'fw-vpn':
+    sourcezone      => '$FW',
+    destinationzone => 'vpn', 
+    policy          => 'ACCEPT',
+    order           => '22',
   }
 
   shorewall::tunnel { 'openvpn':
-    tunnel_type => 'openvpn',
+    tunnel_type => 'openvpnclient',
     zone        => 'net',
   }
 }
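Review bot: The `shorewall::tunnel { 'openvpn': }` resource now hard-codes `tunnel_type => 'openvpnclient'`, so a node that includes this class while acting as an OpenVPN server would get a tunnel entry for the client role only; its listening port would presumably need a separate rule. Making the role a class parameter keeps both cases working: `class firewall::openvpn($tunnel_type = 'openvpnclient') {` with `tunnel_type => $tunnel_type,`. The added `fw-vpn` policy is a blanket ACCEPT from the firewall into the VPN zone with no stated reason; a comment such as `# the firewall host may open any connection into the VPN zone` would record the intent, and per-service `shorewall::rule` entries would be narrower if only a few services are needed. The class begins above this hunk, so whether a matching `vpn` to `$FW` policy or rule already exists cannot be seen from here.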