added ipsec rule

author o <o@immerda.ch>

Mon, 25 Apr 2011 23:13:58 +0000 (01:13 +0200)

committer Micah Anderson <micah@riseup.net>

Tue, 21 Jun 2011 16:15:45 +0000 (12:15 -0400)
author o <o@immerda.ch>
Mon, 25 Apr 2011 23:13:58 +0000 (01:13 +0200)
committer Micah Anderson <micah@riseup.net>
Tue, 21 Jun 2011 16:15:45 +0000 (12:15 -0400)
diff --git a/manifests/rules/ipsec.pp b/manifests/rules/ipsec.pp

new file mode 100644 (file)

index 0000000..c609d0a
--- /dev/null
+++ b/manifests/rules/ipsec.pp
@@ -0,0 +1,18 @@
+class shorewall::rules::ipsec {
+    shorewall::rule { 'net-me-ipsec-udp':
+        source          => 'net',
+        destination     => '$FW',
+        proto           => 'udp',
+        destinationport => '500',
+        order           => 240,
+        action          => 'ACCEPT';
+    }
+    shorewall::rule { 'me-net-ipsec-udp':
+        source          => '$FW',
+        destination     => 'net',
+        proto           => 'udp',
+        destinationport => '500',
+        order           => 240,
+        action          => 'ACCEPT';
+    }
+}
author	o <o@immerda.ch>
	Mon, 25 Apr 2011 23:13:58 +0000 (01:13 +0200)
committer	Micah Anderson <micah@riseup.net>
	Tue, 21 Jun 2011 16:15:45 +0000 (12:15 -0400)