make it possible to exent nets for ipsec

author mh <mh@immerda.ch>

Tue, 1 Jan 2013 15:22:55 +0000 (16:22 +0100)

committer mh <mh@immerda.ch>

Tue, 1 Jan 2013 15:22:55 +0000 (16:22 +0100)
author mh <mh@immerda.ch>
Tue, 1 Jan 2013 15:22:55 +0000 (16:22 +0100)
committer mh <mh@immerda.ch>
Tue, 1 Jan 2013 15:22:55 +0000 (16:22 +0100)
diff --git a/manifests/rules/ipsec.pp b/manifests/rules/ipsec.pp

index 3e9db55317dd8586e93df9fd5cd1bbc97241a7cf..82adff09dc022c260d6b206eda2e2f766d0e7b9c 100644 (file)
--- a/manifests/rules/ipsec.pp
+++ b/manifests/rules/ipsec.pp
@@ -1,7 +1,9 @@
-class shorewall::rules::ipsec {
+class shorewall::rules::ipsec(
+  $source = 'net'
+) {
      shorewall::rule {
        'net-me-ipsec-udp':
-        source          => 'net',
+        source          => $shorewall::rules::ipsec::source,
          destination     => '$FW',
          proto           => 'udp',
          destinationport => '500',
@@ -9,20 +11,20 @@ class shorewall::rules::ipsec {
          action          => 'ACCEPT';
        'me-net-ipsec-udp':
          source          => '$FW',
-        destination     => 'net',
+        destination     => $shorewall::rules::ipsec::source,
          proto           => 'udp',
          destinationport => '500',
          order           => 240,
          action          => 'ACCEPT';
        'net-me-ipsec':
-        source          => 'net',
+        source          => $shorewall::rules::ipsec::source,
          destination     => '$FW',
          proto           => 'esp',
          order           => 240,
          action          => 'ACCEPT';
        'me-net-ipsec':
          source          => '$FW',
-        destination     => 'net',
+        destination     => $shorewall::rules::ipsec::source,
          proto           => 'esp',
          order           => 240,
          action          => 'ACCEPT';
author	mh <mh@immerda.ch>
	Tue, 1 Jan 2013 15:22:55 +0000 (16:22 +0100)
committer	mh <mh@immerda.ch>
	Tue, 1 Jan 2013 15:22:55 +0000 (16:22 +0100)