New hiera parameter firewall::external_ip (2)

author Silvio Rhatto <rhatto@riseup.net>

Fri, 26 Sep 2014 19:46:28 +0000 (16:46 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Fri, 26 Sep 2014 19:46:28 +0000 (16:46 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Fri, 26 Sep 2014 19:46:28 +0000 (16:46 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Fri, 26 Sep 2014 19:46:28 +0000 (16:46 -0300)
diff --git a/manifests/redirect.pp b/manifests/redirect.pp

index 7a9734a449ab25640c329526879b881cf2e48be5..d3785a15d603555b421da8face0eb981cac4b23a 100644 (file)
--- a/manifests/redirect.pp
+++ b/manifests/redirect.pp
@@ -2,10 +2,12 @@ class firewall::redirect::ssh($destinationport) {
    # When the box is in an internal network and we want to provide
    # and external access through a shared real IP, we have to
    # redirect requests coming from another port to port 22.
+  $ip = hiera('firewall::external_ip', $::ipaddress)
+
    shorewall::rule { "ssh-redirect-1":
      action          => 'DNAT',
      source          => 'net',
-    destination     => "fw:$ipaddress:22",
+    destination     => "fw:$ip:22",
      proto           => 'tcp',
      destinationport => $destinationport,
      ratelimit       => '-',
author	Silvio Rhatto <rhatto@riseup.net>
	Fri, 26 Sep 2014 19:46:28 +0000 (16:46 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Fri, 26 Sep 2014 19:46:28 +0000 (16:46 -0300)