Splitting firewall classes along files and separating rules for vservers and routers
authorSilvio Rhatto <rhatto@riseup.net>
Thu, 11 Aug 2011 17:37:32 +0000 (14:37 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Thu, 11 Aug 2011 17:37:32 +0000 (14:37 -0300)
manifests/init.pp
manifests/subsystems/firewall.pp
manifests/subsystems/firewall/printer.pp [new file with mode: 0644]
manifests/subsystems/firewall/router.pp [new file with mode: 0644]
manifests/subsystems/firewall/torrent.pp [new file with mode: 0644]
manifests/subsystems/firewall/ups.pp [new file with mode: 0644]
manifests/subsystems/firewall/vserver.pp [new file with mode: 0644]
manifests/subsystems/firewall/wifi.pp [new file with mode: 0644]
manifests/vserver.pp

index c683b8465aead613112a0d311755da50376977aa..f4b7d36234d7526b24ce054a5cc5d05d6055a6a5 100644 (file)
@@ -47,7 +47,6 @@ import "viewvc"
 import "dhcp"
 
 # Import subsystems
-import "subsystems/firewall.pp"
 import "subsystems/firewire.pp"
 import "subsystems/initramfs.pp"
 import "subsystems/motd.pp"
@@ -76,6 +75,13 @@ import "subsystems/utils/physical.pp"
 import "subsystems/utils/storage.pp"
 import "subsystems/utils/web.pp"
 import "subsystems/utils/plug.pp"
+import "subsystems/firewall.pp"
+import "subsystems/firewall/printer.pp"
+import "subsystems/firewall/router.pp"
+import "subsystems/firewall/vserver.pp"
+import "subsystems/firewall/torrent.pp"
+import "subsystems/firewall/ups.pp"
+import "subsystems/firewall/wifi.pp"
 
 # Import nodo classes
 import "nodo.pp"
index 269d645def4709050550b8c3eb287aabc529a9a2..0e25e056cd0157c6b0e243307ba9b67247f03f22 100644 (file)
@@ -247,320 +247,3 @@ class firewall {
     }
   }
 }
-
-class firewall::wifi {
-  $rfc1918 = $shorewall_local_net ? {
-    true    => true,
-    false   => false,
-    default => false,
-  }
-
-  # Default device depends if madwifi or
-  # built-in kernel driver is being used
-  $wifi_default_device = $lsbdistcodename ? {
-    'lenny' => 'ath0',
-    default => 'wlan0',
-  }
-
-  $wifi_dev = $wifi_device ? {
-    ''      => $wifi_default_device,
-    default => $wifi_device,
-  }
-
-  #
-  # Interfaces
-  #
-  shorewall::interface { "$wifi_dev":
-   zone    => '-',
-   rfc1918 => $rfc1918,
-  }
-
-  #
-  # Hosts
-  #
-  shorewall::host { "$wifi_dev-subnet":
-    name    => "$wifi_dev:192.168.0.0/24",
-    zone    => 'vm',
-    options => '',
-    order   => '1',
-  }
-
-  shorewall::host { "$wifi_dev":
-    name    => "$wifi_dev:0.0.0.0/0",
-    zone    => 'net',
-    options => '',
-    order   => '2',
-  }
-
-  shorewall::masq { "$wifi_dev":
-    interface => "$wifi_dev:!192.168.0.0/24",
-    source    => '192.168.0.0/24',
-    order     => '1',
-  }
-}
-
-class firewall::printer {
-  shorewall::rule { "cups-tcp":
-    action          => 'ACCEPT',
-    source          => 'net',
-    destination     => '$FW',
-    proto           => 'tcp',
-    destinationport => "631",
-    ratelimit       => '-',
-    order           => "200",
-  }
-
-  shorewall::rule { "cups-udp":
-    action          => 'ACCEPT',
-    source          => 'net',
-    destination     => '$FW',
-    proto           => 'udp',
-    destinationport => "631",
-    ratelimit       => '-',
-    order           => "201",
-  }
-}
-
-class firewall::ups {
-  shorewall::rule { "ups":
-    action          => 'ACCEPT',
-    source          => 'net',
-    destination     => '$FW',
-    proto           => 'tcp',
-    destinationport => "3551",
-    ratelimit       => '-',
-    order           => "200",
-  }
-}
-
-class firewall::torrent {
-  shorewall::rule { "torrent-tcp":
-    action          => 'ACCEPT',
-    source          => 'net',
-    destination     => '$FW',
-    proto           => 'tcp',
-    destinationport => "6881:6999",
-    ratelimit       => '-',
-    order           => "200",
-  }
-
-  shorewall::rule { "torrent-udp":
-    action          => 'ACCEPT',
-    source          => 'net',
-    destination     => '$FW',
-    proto           => 'udp',
-    destinationport => "6881:6999",
-    ratelimit       => '-',
-    order           => "201",
-  }
-}
-
-class firewall::router::http($destination, $zone = 'vm') {
-  # We have two rules because to avoid loops in the internal proxy
-  shorewall::rule { 'http-route-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:80",
-    proto           => 'tcp',
-    destinationport => '80',
-    ratelimit       => '-',
-    order           => '600',
-  }
-
-  shorewall::rule { 'http-route-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:80",
-    proto           => 'tcp',
-    destinationport => '80',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => '601',
-  }
-}
-
-class firewall::router::https($destination, $zone = 'vm') {
-  # We have two rules because to avoid loops in the internal proxy
-  shorewall::rule { 'https-route-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:443",
-    proto           => 'tcp',
-    destinationport => '443',
-    ratelimit       => '-',
-    order           => '602',
-  }
-
-  shorewall::rule { 'https-route-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:443",
-    proto           => 'tcp',
-    destinationport => '443',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => '602',
-  }
-}
-
-class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141', $zone = 'vm') {
-  shorewall::rule { 'puppetmaster-1':
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => "$zone:$destination:$puppetmaster_port",
-    proto           => 'tcp',
-    destinationport => "$puppetmaster_port",
-    ratelimit       => '-',
-    order           => '700',
-  }
-
-  shorewall::rule { 'puppetmaster-2':
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => "$zone:$destination:$puppetmaster_port",
-    proto           => 'udp',
-    destinationport => "$puppetmaster_port",
-    ratelimit       => '-',
-    order           => '701',
-  }
-
-  shorewall::rule { 'puppetmaster-3':
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
-    proto           => 'tcp',
-    destinationport => "$puppetmaster_nonssl_port",
-    ratelimit       => '-',
-    order           => '704',
-  }
-
-  shorewall::rule { 'puppetmaster-4':
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
-    proto           => 'udp',
-    destinationport => "$puppetmaster_nonssl_port",
-    ratelimit       => '-',
-    order           => '705',
-  }
-}
-
-class firewall::router::gitd($destination, $zone = 'fw') {
-  shorewall::rule { 'git-daemon-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:9418",
-    proto           => 'tcp',
-    destinationport => '9418',
-    ratelimit       => '-',
-    order           => '800',
-  }
-
-  shorewall::rule { 'git-daemon-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:9418",
-    proto           => 'tcp',
-    destinationport => '9418',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => '801',
-  }
-}
-
-class firewall::router::icecast($destination, $zone = 'vm') {
-  shorewall::rule { 'icecast-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:8000",
-    proto           => 'tcp',
-    destinationport => '8000',
-    ratelimit       => '-',
-    order           => '900',
-  }
-
-  shorewall::rule { 'icecast-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:8000",
-    proto           => 'tcp',
-    destinationport => '8000',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => '901',
-  }
-}
-
-class firewall::router::mail($destination, $zone = 'vm') {
-  shorewall::rule { 'mail-1':
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => "$zone:$destination:25",
-    proto           => 'tcp',
-    destinationport => '25',
-    ratelimit       => '-',
-    order           => '1000',
-  }
-
-  shorewall::rule { 'mail-2':
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => "$zone:$destination:993",
-    proto           => 'tcp',
-    destinationport => '993',
-    ratelimit       => '-',
-    order           => '1002',
-  }
-}
-
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'vm') {
-  shorewall::rule { "ssh-$name":
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => $port_dest ? {
-      ''      => "$zone:$destination",
-      default => "$zone:$destination:$port_dest",
-    },
-    proto           => 'tcp',
-    destinationport => "$port_orig",
-    ratelimit       => '-',
-    order           => "2$port_orig",
-  }
-}
-
-define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'vm') {
-  shorewall::rule { "munin-$name":
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => $port_dest ? {
-      ''      => "$zone:$destination",
-      default => "$zone:$destination:$port_dest",
-    },
-    proto           => 'tcp',
-    destinationport => "$port_orig",
-    ratelimit       => '-',
-    order           => "4$id",
-  }
-}
-
-class firewall::router::torrent($destination, $zone = 'vm') {
-  shorewall::rule { "torrent-tcp":
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => "$zone:$destination",
-    proto           => 'tcp',
-    destinationport => "6881:6999",
-    ratelimit       => '-',
-    order           => "200",
-  }
-
-  shorewall::rule { "torrent-udp":
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => "$zone:$destination",
-    proto           => 'udp',
-    destinationport => "6881:6999",
-    ratelimit       => '-',
-    order           => "201",
-  }
-}
diff --git a/manifests/subsystems/firewall/printer.pp b/manifests/subsystems/firewall/printer.pp
new file mode 100644 (file)
index 0000000..194f281
--- /dev/null
@@ -0,0 +1,21 @@
+class firewall::printer {
+  shorewall::rule { "cups-tcp":
+    action          => 'ACCEPT',
+    source          => 'net',
+    destination     => '$FW',
+    proto           => 'tcp',
+    destinationport => "631",
+    ratelimit       => '-',
+    order           => "200",
+  }
+
+  shorewall::rule { "cups-udp":
+    action          => 'ACCEPT',
+    source          => 'net',
+    destination     => '$FW',
+    proto           => 'udp',
+    destinationport => "631",
+    ratelimit       => '-',
+    order           => "201",
+  }
+}
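Review bot: `firewall::printer` accepts tcp and udp 631 into the firewall host from the whole `net` zone, with the source zone hard-coded in both `source => 'net'` lines, so CUPS is reachable from every host on the untrusted side of the interface rather than only the segment that actually prints; the same hard-coded `source => 'net'` is in ups.pp (`firewall::ups`, 3551/tcp) and torrent.pp (`firewall::torrent`, 6881:6999). Turning the zone into a class parameter keeps today's behaviour while letting a node narrow it: `class firewall::printer($source = 'net') {` and `source => $source,` in both rules. A header comment naming the service would also help, since the rule names alone say little: `# CUPS/IPP (631 tcp+udp) from $source into the firewall host.`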
diff --git a/manifests/subsystems/firewall/router.pp b/manifests/subsystems/firewall/router.pp
new file mode 100644 (file)
index 0000000..4a01403
--- /dev/null
@@ -0,0 +1,174 @@
+class firewall::router::http($destination, $zone = 'vm') {
+  shorewall::rule { 'http-route':
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => "$zone:$destination:80",
+    proto           => 'tcp',
+    destinationport => '80',
+    ratelimit       => '-',
+    order           => '600',
+  }
+}
+
+class firewall::router::https($destination, $zone = 'vm') {
+  shorewall::rule { 'https-route':
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => "$zone:$destination:443",
+    proto           => 'tcp',
+    destinationport => '443',
+    ratelimit       => '-',
+    order           => '602',
+  }
+}
+
+class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141', $zone = 'fw') {
+  shorewall::rule { 'puppetmaster-1':
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => "$zone:$destination:$puppetmaster_port",
+    proto           => 'tcp',
+    destinationport => "$puppetmaster_port",
+    ratelimit       => '-',
+    order           => '700',
+  }
+
+  shorewall::rule { 'puppetmaster-2':
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => "$zone:$destination:$puppetmaster_port",
+    proto           => 'udp',
+    destinationport => "$puppetmaster_port",
+    ratelimit       => '-',
+    order           => '701',
+  }
+
+  shorewall::rule { 'puppetmaster-3':
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
+    proto           => 'tcp',
+    destinationport => "$puppetmaster_nonssl_port",
+    ratelimit       => '-',
+    order           => '704',
+  }
+
+  shorewall::rule { 'puppetmaster-4':
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
+    proto           => 'udp',
+    destinationport => "$puppetmaster_nonssl_port",
+    ratelimit       => '-',
+    order           => '705',
+  }
+}
+
+class firewall::router::gitd($destination, $zone = 'fw') {
+  shorewall::rule { 'git-daemon':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:9418",
+    proto           => 'tcp',
+    destinationport => '9418',
+    ratelimit       => '-',
+    order           => '800',
+  }
+}
+
+class firewall::router::icecast($destination, $zone = 'fw') {
+  shorewall::rule { 'icecast-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:8000",
+    proto           => 'tcp',
+    destinationport => '8000',
+    ratelimit       => '-',
+    order           => '900',
+  }
+
+  shorewall::rule { 'icecast-2':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "$zone:$destination:8000",
+    proto           => 'tcp',
+    destinationport => '8000',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '901',
+  }
+}
+
+class firewall::router::mail($destination, $zone = 'fw') {
+  shorewall::rule { 'mail-1':
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => "$zone:$destination:25",
+    proto           => 'tcp',
+    destinationport => '25',
+    ratelimit       => '-',
+    order           => '1000',
+  }
+
+  shorewall::rule { 'mail-2':
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => "$zone:$destination:993",
+    proto           => 'tcp',
+    destinationport => '993',
+    ratelimit       => '-',
+    order           => '1002',
+  }
+}
+
+define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'vm') {
+  shorewall::rule { "ssh-$name":
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => $port_dest ? {
+      ''      => "$zone:$destination",
+      default => "$zone:$destination:$port_dest",
+    },
+    proto           => 'tcp',
+    destinationport => "$port_orig",
+    ratelimit       => '-',
+    order           => "2$port_orig",
+  }
+}
+
+define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'fw') {
+  shorewall::rule { "munin-$name":
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => $port_dest ? {
+      ''      => "$zone:$destination",
+      default => "$zone:$destination:$port_dest",
+    },
+    proto           => 'tcp',
+    destinationport => "$port_orig",
+    ratelimit       => '-',
+    order           => "4$id",
+  }
+}
+
+class firewall::router::torrent($destination, $zone = 'fw') {
+  shorewall::rule { "torrent-tcp":
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => "$zone:$destination",
+    proto           => 'tcp',
+    destinationport => "6881:6999",
+    ratelimit       => '-',
+    order           => "200",
+  }
+
+  shorewall::rule { "torrent-udp":
+    action          => 'DNAT',
+    source          => 'all',
+    destination     => "$zone:$destination",
+    proto           => 'udp',
+    destinationport => "6881:6999",
+    ratelimit       => '-',
+    order           => "201",
+  }
+}
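Review bot: `firewall::router::munin` builds its rule order from `$id` (`order => "4$id"`), but `$id` is not a parameter of the define, so it is resolved from the caller's scope and only works while whoever declares the resource happens to have `$id` set; that kind of dynamic lookup is deprecated in Puppet 2.7 and gone in 3.0, and the router caller is not visible in this commit. `firewall::vserver::munin` in vserver.pp has the same dependency (`"4$id"` and `"5$id"`). Making it explicit keeps call sites honest: `define firewall::router::munin($destination, $port_orig, $id, $port_dest = '', $zone = 'fw') {` with callers passing `id => $id`, or derive the order from `$port_orig` as `firewall::router::ssh` already does with `"2$port_orig"`. Separately, the default `$zone` is `'vm'` for http, https and ssh but `'fw'` for puppetmaster, gitd, icecast, mail, munin and torrent; if that split is intended, a one-line comment above each group would spare the next reader from guessing which is the typo.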
diff --git a/manifests/subsystems/firewall/torrent.pp b/manifests/subsystems/firewall/torrent.pp
new file mode 100644 (file)
index 0000000..954c71f
--- /dev/null
@@ -0,0 +1,21 @@
+class firewall::torrent {
+  shorewall::rule { "torrent-tcp":
+    action          => 'ACCEPT',
+    source          => 'net',
+    destination     => '$FW',
+    proto           => 'tcp',
+    destinationport => "6881:6999",
+    ratelimit       => '-',
+    order           => "200",
+  }
+
+  shorewall::rule { "torrent-udp":
+    action          => 'ACCEPT',
+    source          => 'net',
+    destination     => '$FW',
+    proto           => 'udp',
+    destinationport => "6881:6999",
+    ratelimit       => '-',
+    order           => "201",
+  }
+}
diff --git a/manifests/subsystems/firewall/ups.pp b/manifests/subsystems/firewall/ups.pp
new file mode 100644 (file)
index 0000000..c559739
--- /dev/null
@@ -0,0 +1,11 @@
+class firewall::ups {
+  shorewall::rule { "ups":
+    action          => 'ACCEPT',
+    source          => 'net',
+    destination     => '$FW',
+    proto           => 'tcp',
+    destinationport => "3551",
+    ratelimit       => '-',
+    order           => "200",
+  }
+}
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
new file mode 100644 (file)
index 0000000..8326761
--- /dev/null
@@ -0,0 +1,279 @@
+class firewall::vserver::http($destination, $zone = 'vm') {
+  shorewall::rule { 'http-route-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:80",
+    proto           => 'tcp',
+    destinationport => '80',
+    ratelimit       => '-',
+    order           => '600',
+  }
+
+  shorewall::rule { 'http-route-2':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:80",
+    proto           => 'tcp',
+    destinationport => '80',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '601',
+  }
+}
+
+class firewall::vserver::https($destination, $zone = 'vm') {
+  shorewall::rule { 'https-route-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:443",
+    proto           => 'tcp',
+    destinationport => '443',
+    ratelimit       => '-',
+    order           => '602',
+  }
+
+  shorewall::rule { 'https-route-2':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:443",
+    proto           => 'tcp',
+    destinationport => '443',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '602',
+  }
+}
+
+class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141') {
+  shorewall::rule { 'puppetmaster-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "fw:$destination:$puppetmaster_port",
+    proto           => 'tcp',
+    destinationport => "$puppetmaster_port",
+    ratelimit       => '-',
+    order           => '700',
+  }
+
+  shorewall::rule { 'puppetmaster-2':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "fw:$destination:$puppetmaster_port",
+    proto           => 'udp',
+    destinationport => "$puppetmaster_port",
+    ratelimit       => '-',
+    order           => '701',
+  }
+
+  shorewall::rule { 'puppetmaster-3':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:$puppetmaster_port",
+    proto           => 'tcp',
+    destinationport => "$puppetmaster_port",
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '702',
+  }
+
+  shorewall::rule { 'puppetmaster-4':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:$puppetmaster_port",
+    proto           => 'udp',
+    destinationport => "$puppetmaster_port",
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '703',
+  }
+
+  shorewall::rule { 'puppetmaster-5':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "fw:$destination:$puppetmaster_nonssl_port",
+    proto           => 'tcp',
+    destinationport => "$puppetmaster_nonssl_port",
+    ratelimit       => '-',
+    order           => '704',
+  }
+
+  shorewall::rule { 'puppetmaster-6':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "fw:$destination:$puppetmaster_nonssl_port",
+    proto           => 'udp',
+    destinationport => "$puppetmaster_nonssl_port",
+    ratelimit       => '-',
+    order           => '705',
+  }
+
+  shorewall::rule { 'puppetmaster-7':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:$puppetmaster_nonssl_port",
+    proto           => 'tcp',
+    destinationport => "$puppetmaster_nonssl_port",
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '706',
+  }
+
+  shorewall::rule { 'puppetmaster-8':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:$puppetmaster_nonssl_port",
+    proto           => 'udp',
+    destinationport => "$puppetmaster_nonssl_port",
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '707',
+  }
+}
+
+class firewall::vserver::gitd($destination) {
+  shorewall::rule { 'git-daemon-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "fw:$destination:9418",
+    proto           => 'tcp',
+    destinationport => '9418',
+    ratelimit       => '-',
+    order           => '800',
+  }
+
+  shorewall::rule { 'git-daemon-2':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:9418",
+    proto           => 'tcp',
+    destinationport => '9418',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '801',
+  }
+}
+
+class firewall::vserver::icecast($destination) {
+  shorewall::rule { 'icecast-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "fw:$destination:8000",
+    proto           => 'tcp',
+    destinationport => '8000',
+    ratelimit       => '-',
+    order           => '900',
+  }
+
+  shorewall::rule { 'icecast-2':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:8000",
+    proto           => 'tcp',
+    destinationport => '8000',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '901',
+  }
+}
+
+class firewall::vserver::mail($destination) {
+  shorewall::rule { 'mail-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "fw:$destination:25",
+    proto           => 'tcp',
+    destinationport => '25',
+    ratelimit       => '-',
+    order           => '1000',
+  }
+
+  shorewall::rule { 'mail-2':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:25",
+    proto           => 'tcp',
+    destinationport => '25',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '1001',
+  }
+
+  shorewall::rule { 'mail-3':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "fw:$destination:993",
+    proto           => 'tcp',
+    destinationport => '993',
+    ratelimit       => '-',
+    order           => '1002',
+  }
+
+  shorewall::rule { 'mail-4':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:993",
+    proto           => 'tcp',
+    destinationport => '993',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '1003',
+  }
+}
+
+define firewall::vserver::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'vm') {
+  shorewall::rule { "ssh-$name-1":
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => $port_dest ? {
+      ''      => "$zone:$destination",
+      default => "$zone:$destination:$port_dest",
+    },
+    proto           => 'tcp',
+    destinationport => "$port_orig",
+    ratelimit       => '-',
+    order           => "2$port_orig",
+  }
+
+  shorewall::rule { "ssh-$name-2":
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => $port_dest ? {
+      ''      => "fw:$destination",
+      default => "fw:$destination:$port_dest",
+    },
+    proto           => 'tcp',
+    destinationport => "$port_orig",
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => "2$port_orig",
+  }
+}
+
+define firewall::vserver::munin($destination, $port_orig, $port_dest = '') {
+  shorewall::rule { "munin-$name-1":
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => $port_dest ? {
+      ''      => "fw:$destination",
+      default => "fw:$destination:$port_dest",
+    },
+    proto           => 'tcp',
+    destinationport => "$port_orig",
+    ratelimit       => '-',
+    order           => "4$id",
+  }
+
+  shorewall::rule { "munin-$name-2":
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => $port_dest ? {
+      ''      => "fw:$destination",
+      default => "fw:$destination:$port_dest",
+    },
+    proto           => 'tcp',
+    destinationport => "$port_orig",
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => "5$id",
+  }
+}
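Review bot: the two-rule pattern in `firewall::vserver::http` and `::https` (one rule from `net`, one from `$FW` with `originaldest => "$ipaddress"`) lost the comment that explained it when the code moved out of firewall.pp, and the pattern now repeats through puppetmaster, gitd, icecast, mail, ssh and munin with no explanation anywhere in the file. A file-level header would cover all of them, e.g. `# Each forwarded service gets two DNAT rules: one for traffic arriving from the net zone and one for connections the firewall host itself makes to its public address ($ipaddress), so the internal proxy does not loop back.` Also, `firewall::vserver::ssh` gives both `ssh-$name-1` and `ssh-$name-2` the same `order => "2$port_orig"`, whereas `firewall::vserver::munin` separates its pair with `4$id` and `5$id`; if `order` is only a sort key the duplicate is presumably harmless, but `"3$port_orig"` on the second rule would match the munin convention.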
diff --git a/manifests/subsystems/firewall/wifi.pp b/manifests/subsystems/firewall/wifi.pp
new file mode 100644 (file)
index 0000000..d59ce50
--- /dev/null
@@ -0,0 +1,50 @@
+class firewall::wifi {
+  $rfc1918 = $shorewall_local_net ? {
+    true    => true,
+    false   => false,
+    default => false,
+  }
+
+  # Default device depends if madwifi or
+  # built-in kernel driver is being used
+  $wifi_default_device = $lsbdistcodename ? {
+    'lenny' => 'ath0',
+    default => 'wlan0',
+  }
+
+  $wifi_dev = $wifi_device ? {
+    ''      => $wifi_default_device,
+    default => $wifi_device,
+  }
+
+  #
+  # Interfaces
+  #
+  shorewall::interface { "$wifi_dev":
+   zone    => '-',
+   rfc1918 => $rfc1918,
+  }
+
+  #
+  # Hosts
+  #
+  shorewall::host { "$wifi_dev-subnet":
+    name    => "$wifi_dev:192.168.0.0/24",
+    zone    => 'vm',
+    options => '',
+    order   => '1',
+  }
+
+  shorewall::host { "$wifi_dev":
+    name    => "$wifi_dev:0.0.0.0/0",
+    zone    => 'net',
+    options => '',
+    order   => '2',
+  }
+
+  shorewall::masq { "$wifi_dev":
+    interface => "$wifi_dev:!192.168.0.0/24",
+    source    => '192.168.0.0/24',
+    order     => '1',
+  }
+}
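Review bot: the wifi subnet `192.168.0.0/24` is spelled out three times in `firewall::wifi` (the `-subnet` host `name`, the masq `interface` exclusion and the masq `source`), so changing the network means editing three strings, and missing one leaves the host and masq entries disagreeing. A local next to `$wifi_dev`, `$wifi_net = '192.168.0.0/24'`, used as `"$wifi_dev:$wifi_net"`, `"$wifi_dev:!$wifi_net"` and `source => $wifi_net` removes that. The `shorewall::interface` attributes are indented three spaces where the rest of the file uses two. The `$rfc1918` selector maps `true`/`false`/default onto a boolean; if `$shorewall_local_net` can arrive as the string `'true'` (a fact or extlookup value) it presumably falls through to `false` — worth confirming where that variable is set.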
index 29eef599a9202b38e9a29341b0dfcd2097464712..79b39bdda45b2e3097b39cff5692daa3c13c910f 100644 (file)
@@ -110,13 +110,13 @@ class nodo::vserver inherits nodo {
     # Apply firewall rules just for running vservers
     case $ensure {
       'running': {
-        firewall::router::ssh { "$name":
+        firewall::vserver::ssh { "$name":
           destination => "192.168.0.$context",
           port_orig => "22$id",
           port_dest => "22",
         }
 
-        firewall::router::munin { "$name":
+        firewall::vserver::munin { "$name":
           destination => "192.168.0.$context",
           port_orig   => "49$id",
           port_dest   => "49$id",
@@ -124,14 +124,14 @@ class nodo::vserver inherits nodo {
 
         if $proxy {
           class {
-            "firewall::router::http":  destination => "192.168.0.$context";
-            "firewall::router::https": destination => "192.168.0.$context";
+            "firewall::vserver::http":  destination => "192.168.0.$context";
+            "firewall::vserver::https": destination => "192.168.0.$context";
           }
         }
 
         if $puppetmaster {
           class {
-            "firewall::router::puppetmaster":
+            "firewall::vserver::puppetmaster":
               destination              => "192.168.0.$context",
               puppetmaster_port        => $puppetmaster_port,
               puppetmaster_nonssl_port => $puppetmaster_nonssl_port,
@@ -140,19 +140,19 @@ class nodo::vserver inherits nodo {
 
         if $gitd {
           class {
-            "firewall::router::gitd": destination => "192.168.0.$context";
+            "firewall::vserver::gitd": destination => "192.168.0.$context";
           }
         }
 
         if $icecast {
           class {
-            "firewall::router::icecast": destination => "192.168.0.$context";
+            "firewall::vserver::icecast": destination => "192.168.0.$context";
           }
         }
 
         if $mail {
           class {
-            "firewall::router::mail": destination => "192.168.0.$context";
+            "firewall::vserver::mail": destination => "192.168.0.$context";
           }
         }
       }