default => false,
}
+ $real_subnet_device = $vm_device ? {
+ false => $device,
+ default => $vm_device,
+ }
+
+ $real_masq_interface = $vm_device ? {
+ false => "${device}:!${vm_address}",
+ default => "${device}",
+ }
+
+ #
+ # Zones
+ #
+ shorewall::zone { 'vm':
+ type => 'ipv4',
+ order => '2',
+ }
+
+ shorewall::zone { 'net':
+ type => 'ipv4',
+ order => '3',
+ }
+
+ shorewall::zone { 'loc':
+ type => 'ipv4',
+ order => 4,
+ }
+
#
# Interfaces
#
}
}
+ #
+ # Hosts
+ #
+ shorewall::host { "${real_subnet_device}-subnet":
+ name => "${real_subnet_device}:${vm_address}",
+ zone => 'vm',
+ options => '',
+ order => '1',
+ }
+
+ if $zone == '-' {
+ shorewall::host { "${device}":
+ name => "${device}:0.0.0.0/0",
+ zone => 'net',
+ options => '',
+ order => '2',
+ }
+ }
+
#
# Policy
#
}
#
- # Hosts
+ # Masq
#
- $real_subnet_device = $vm_device ? {
- false => $device,
- default => $vm_device,
- }
-
- shorewall::host { "${real_subnet_device}-subnet":
- name => "${real_subnet_device}:${vm_address}",
- zone => 'vm',
- options => '',
- order => '1',
- }
-
- if $zone == '-' {
- shorewall::host { "${device}":
- name => "${device}:0.0.0.0/0",
- zone => 'net',
- options => '',
- order => '2',
- }
- }
-
- $real_masq_interface = $vm_device ? {
- false => "${device}:!${vm_address}",
- default => "${device}",
- }
-
shorewall::masq { "${device}":
interface => "${real_masq_interface}",
source => "${vm_address}",
order => 104,
}
- #
- # Zones
- #
- shorewall::zone { 'vm':
- type => 'ipv4',
- order => '2',
- }
-
- shorewall::zone { 'net':
- type => 'ipv4',
- order => '3',
- }
-
- shorewall::zone { 'loc':
- type => 'ipv4',
- order => 4,
- }
-
if $local_net == true {
class { "firewall::local": }
}
projects / puppet-firewall.git / commitdiff