libvirt::host: make debproxy port configurable.

author intrigeri <intrigeri@boum.org>

Sat, 9 Feb 2013 15:34:22 +0000 (16:34 +0100)

committer intrigeri <intrigeri@boum.org>

Sat, 9 Feb 2013 15:34:22 +0000 (16:34 +0100)
author intrigeri <intrigeri@boum.org>
Sat, 9 Feb 2013 15:34:22 +0000 (16:34 +0100)
committer intrigeri <intrigeri@boum.org>
Sat, 9 Feb 2013 15:34:22 +0000 (16:34 +0100)
diff --git a/manifests/rules/libvirt/host.pp b/manifests/rules/libvirt/host.pp

index aaecd9dd7e27c4866c77d54f8b7272119b2f79cd..ac5f045c4695b0072770138b36b10814ee65dbc3 100644 (file)
--- a/manifests/rules/libvirt/host.pp
+++ b/manifests/rules/libvirt/host.pp
@@ -1,6 +1,7 @@
  class shorewall::rules::libvirt::host (
-  $vmz        = 'vmz',
-  $masq_iface = 'eth0',
+  $vmz           = 'vmz',
+  $masq_iface    = 'eth0',
+  $debproxy_port = 8000,
    ) {
  
    define shorewall::rule::accept::from_vmz (
@@ -33,10 +34,17 @@ class shorewall::rules::libvirt::host (
    shorewall::rule::accept::from_vmz {
      'accept_dns_from_vmz':      action => 'DNS(ACCEPT)';
      'accept_tftp_from_vmz':     action => 'TFTP(ACCEPT)';
-    'accept_debproxy_from_vmz': proto => 'tcp', destinationport => '8000', action => 'ACCEPT';
      'accept_puppet_from_vmz':   proto => 'tcp', destinationport => '8140', action => 'ACCEPT';
    }
  
+  if $debproxy_port {
+    shorewall::rule::accept::from_vmz { 'accept_debproxy_from_vmz':
+      proto           => 'tcp',
+      destinationport => $debproxy_port,
+      action          => 'ACCEPT';
+    }
+  }
+
    shorewall::masq {
      "masq-${masq_iface}":
        interface => "$masq_iface",
author	intrigeri <intrigeri@boum.org>
	Sat, 9 Feb 2013 15:34:22 +0000 (16:34 +0100)
committer	intrigeri <intrigeri@boum.org>
	Sat, 9 Feb 2013 15:34:22 +0000 (16:34 +0100)