add ipsec_nat rule port 4500

diff --git a/manifests/rules/ipsec_nat.pp b/manifests/rules/ipsec_nat.pp
new file mode 100644 (file)
index 0000000..6c0d507
--- /dev/null
+++ b/manifests/rules/ipsec_nat.pp
@@ -0,0 +1,18 @@
+class shorewall::rules::ipsec_nat {
+    shorewall::rule {
+      'net-me-ipsec-nat-udp':
+        source          => 'net',
+        destination     => '$FW',
+        proto           => 'udp',
+        destinationport => '4500',
+        order           => 240,
+        action          => 'ACCEPT';
+      'me-net-ipsec-nat-udp':
+        source          => '$FW',
+        destination     => 'net',
+        proto           => 'udp',
+        destinationport => '4500',
+        order           => 240,
+        action          => 'ACCEPT';
+    }
+}