-class firewall::router::http($destination, $zone = 'loc') {
+class firewall::router::http($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { 'http-route-1':
action => 'DNAT',
source => 'net',
destination => "fw:$destination:80",
proto => 'tcp',
destinationport => '80',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '601',
}
}
-class firewall::router::https($destination, $zone = 'loc') {
+class firewall::router::https($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { 'https-route-1':
action => 'DNAT',
source => 'net',
destination => "fw:$destination:443",
proto => 'tcp',
destinationport => '443',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '602',
}
}
class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
- $puppetmaster_nonssl_port = '8141', $zone = 'loc') {
+ $puppetmaster_nonssl_port = '8141', $zone = 'loc',
+ $originaldest = $ipaddress) {
shorewall::rule { 'puppetmaster-1':
action => 'DNAT',
source => 'net',
destination => "$zone:$destination:$puppetmaster_port",
proto => 'tcp',
destinationport => "$puppetmaster_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '702',
}
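Review bot: The new `$originaldest` parameter is written straight into the DNAT rule's original-destination field with no check that it is non-empty, here in `firewall::router::http`, `https` and `puppetmaster` and in every other class and define this commit touches (gitd, icecast, mail, ssh, munin, torrent). How `shorewall::rule` renders an empty value is not visible in this diff, but if the column ends up blank the rule would presumably no longer be limited to one address. A guard such as `if $originaldest == '' { fail('originaldest must not be empty') }` at the top of each body would make that failure loud. The default also reads the fact as the unqualified `$ipaddress`; `$originaldest = $::ipaddress` would keep a same-named variable in an enclosing scope from shadowing it. The body of `firewall::router::puppetmaster` continues past the end of this hunk.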
destination => "$zone:$destination:$puppetmaster_port",
proto => 'udp',
destinationport => "$puppetmaster_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '703',
}
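Review bot: The `proto => 'udp'` rule here, and the matching one for `$puppetmaster_nonssl_port` further down, forward UDP from `net` to the puppetmaster, although as far as I know agents reach the master over TCP only. The commit carries both rules forward with only `originaldest` changed. Unless something in this deployment needs them, dropping the two UDP resources would shrink what is reachable from outside. If they must stay, a comment above each one saying why, for example `# UDP forward required by <service>`, would help. The resource header for this rule lies outside the hunk.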
destination => "$zone:$destination:$puppetmaster_nonssl_port",
proto => 'tcp',
destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '706',
}
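Review bot: This rule forwards `$puppetmaster_nonssl_port` from the whole `net` zone, and the parameter name suggests a listener without TLS; if that is the case, catalogs and reports would cross the outside network unprotected. Nothing in the diff confirms what listens on that port, so treat this as a question to the author. Making `originaldest` configurable is a good moment to narrow the source as well, e.g. `source => 'net:<agent-network>'`, where the network is a placeholder. The resource header and the class parameters sit outside this hunk.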
destination => "$zone:$destination:$puppetmaster_nonssl_port",
proto => 'udp',
destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '707',
}
}
-class firewall::router::gitd($destination, $zone = 'loc') {
+class firewall::router::gitd($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { 'git-daemon-1':
action => 'DNAT',
source => 'net',
destination => "$zone:$destination:9418",
proto => 'tcp',
destinationport => '9418',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '801',
}
}
-class firewall::router::icecast($destination, $zone = 'loc') {
+class firewall::router::icecast($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { 'icecast-1':
action => 'DNAT',
source => 'net',
destination => "$zone:$destination:8000",
proto => 'tcp',
destinationport => '8000',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '901',
}
}
-class firewall::router::mail($destination, $zone = 'loc') {
+class firewall::router::mail($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { 'mail-1':
action => 'DNAT',
source => 'net',
destination => "$zone:$destination:25",
proto => 'tcp',
destinationport => '25',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '1001',
}
destination => "$zone:$destination:993",
proto => 'tcp',
destinationport => '993',
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => '1003',
}
}
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc') {
+define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc',
+ $originaldest = $ipaddress) {
shorewall::rule { "ssh-$name-1":
action => 'DNAT',
source => 'net',
},
proto => 'tcp',
destinationport => "$port_orig",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => "2$port_orig",
}
}
-define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc', $order = '400') {
+define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc',
+ $order = '400', $originaldest = $ipaddress) {
shorewall::rule { "munin-$name-1":
action => 'DNAT',
source => 'net',
},
proto => 'tcp',
destinationport => "$port_orig",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => $order,
}
}
-class firewall::router::torrent($destination, $zone = 'loc') {
+class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ipaddress) {
shorewall::rule { "torrent-tcp-1":
action => 'DNAT',
source => 'net',
destination => "$zone:$destination",
proto => 'tcp',
destinationport => "6881:6999",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => "200",
}
destination => "$zone:$destination",
proto => 'udp',
destinationport => "6881:6999",
- originaldest => "$ipaddress",
+ originaldest => "$originaldest",
ratelimit => '-',
order => "201",
}