Fixing firewall::router::ssh

author Silvio Rhatto <rhatto@riseup.net>

Tue, 16 Aug 2011 01:59:22 +0000 (22:59 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Tue, 16 Aug 2011 01:59:22 +0000 (22:59 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Tue, 16 Aug 2011 01:59:22 +0000 (22:59 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Tue, 16 Aug 2011 01:59:22 +0000 (22:59 -0300)
diff --git a/manifests/subsystems/firewall/router.pp b/manifests/subsystems/firewall/router.pp

index a349050723f403fdbc39b86e50a4eea974e6c20c..e5563a00391101238c01dcf6b693859643ea6908 100644 (file)
--- a/manifests/subsystems/firewall/router.pp
+++ b/manifests/subsystems/firewall/router.pp
@@ -239,8 +239,8 @@ define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $
      action          => 'DNAT',
      source          => '$FW',
      destination     => $port_dest ? {
-      ''      => "fw:$destination",
-      default => "fw:$destination:$port_dest",
+      ''      => "$zone:$destination",
+      default => "$zone:$destination:$port_dest",
      },
      proto           => 'tcp',
      destinationport => "$port_orig",
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp

index 7b09d9692e9de0e97fba05e8cbb2eb98c68e9e33..8273c47426396e88dbd380f7897f908b3d9d3005 100644 (file)
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -44,11 +44,11 @@ class firewall::vserver::https($destination, $zone = 'vm') {
    }
  }
  
-class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141') {
+class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141', $zone = 'fw') {
    shorewall::rule { 'puppetmaster-1':
      action          => 'DNAT',
      source          => 'net',
-    destination     => "fw:$destination:$puppetmaster_port",
+    destination     => "$zone:$destination:$puppetmaster_port",
      proto           => 'tcp',
      destinationport => "$puppetmaster_port",
      ratelimit       => '-',
@@ -58,7 +58,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
    shorewall::rule { 'puppetmaster-2':
      action          => 'DNAT',
      source          => 'net',
-    destination     => "fw:$destination:$puppetmaster_port",
+    destination     => "$zone:$destination:$puppetmaster_port",
      proto           => 'udp',
      destinationport => "$puppetmaster_port",
      ratelimit       => '-',
@@ -68,7 +68,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
    shorewall::rule { 'puppetmaster-3':
      action          => 'DNAT',
      source          => '$FW',
-    destination     => "fw:$destination:$puppetmaster_port",
+    destination     => "$zone:$destination:$puppetmaster_port",
      proto           => 'tcp',
      destinationport => "$puppetmaster_port",
      originaldest    => "$ipaddress",
@@ -79,7 +79,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
    shorewall::rule { 'puppetmaster-4':
      action          => 'DNAT',
      source          => '$FW',
-    destination     => "fw:$destination:$puppetmaster_port",
+    destination     => "$zone:$destination:$puppetmaster_port",
      proto           => 'udp',
      destinationport => "$puppetmaster_port",
      originaldest    => "$ipaddress",
@@ -90,7 +90,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
    shorewall::rule { 'puppetmaster-5':
      action          => 'DNAT',
      source          => 'net',
-    destination     => "fw:$destination:$puppetmaster_nonssl_port",
+    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
      proto           => 'tcp',
      destinationport => "$puppetmaster_nonssl_port",
      ratelimit       => '-',
@@ -100,7 +100,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
    shorewall::rule { 'puppetmaster-6':
      action          => 'DNAT',
      source          => 'net',
-    destination     => "fw:$destination:$puppetmaster_nonssl_port",
+    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
      proto           => 'udp',
      destinationport => "$puppetmaster_nonssl_port",
      ratelimit       => '-',
@@ -110,7 +110,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
    shorewall::rule { 'puppetmaster-7':
      action          => 'DNAT',
      source          => '$FW',
-    destination     => "fw:$destination:$puppetmaster_nonssl_port",
+    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
      proto           => 'tcp',
      destinationport => "$puppetmaster_nonssl_port",
      originaldest    => "$ipaddress",
@@ -121,7 +121,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
    shorewall::rule { 'puppetmaster-8':
      action          => 'DNAT',
      source          => '$FW',
-    destination     => "fw:$destination:$puppetmaster_nonssl_port",
+    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
      proto           => 'udp',
      destinationport => "$puppetmaster_nonssl_port",
      originaldest    => "$ipaddress",
@@ -130,11 +130,11 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
    }
  }
  
-class firewall::vserver::gitd($destination) {
+class firewall::vserver::gitd($destination, $zone = 'fw') {
    shorewall::rule { 'git-daemon-1':
      action          => 'DNAT',
      source          => 'net',
-    destination     => "fw:$destination:9418",
+    destination     => "$zone:$destination:9418",
      proto           => 'tcp',
      destinationport => '9418',
      ratelimit       => '-',
@@ -144,7 +144,7 @@ class firewall::vserver::gitd($destination) {
    shorewall::rule { 'git-daemon-2':
      action          => 'DNAT',
      source          => '$FW',
-    destination     => "fw:$destination:9418",
+    destination     => "$zone:$destination:9418",
      proto           => 'tcp',
      destinationport => '9418',
      originaldest    => "$ipaddress",
@@ -153,11 +153,11 @@ class firewall::vserver::gitd($destination) {
    }
  }
  
-class firewall::vserver::icecast($destination) {
+class firewall::vserver::icecast($destination, $zone = 'fw') {
    shorewall::rule { 'icecast-1':
      action          => 'DNAT',
      source          => 'net',
-    destination     => "fw:$destination:8000",
+    destination     => "$zone:$destination:8000",
      proto           => 'tcp',
      destinationport => '8000',
      ratelimit       => '-',
@@ -167,7 +167,7 @@ class firewall::vserver::icecast($destination) {
    shorewall::rule { 'icecast-2':
      action          => 'DNAT',
      source          => '$FW',
-    destination     => "fw:$destination:8000",
+    destination     => "$zone:$destination:8000",
      proto           => 'tcp',
      destinationport => '8000',
      originaldest    => "$ipaddress",
@@ -176,11 +176,11 @@ class firewall::vserver::icecast($destination) {
    }
  }
  
-class firewall::vserver::mail($destination) {
+class firewall::vserver::mail($destination, $zone = 'fw') {
    shorewall::rule { 'mail-1':
      action          => 'DNAT',
      source          => 'net',
-    destination     => "fw:$destination:25",
+    destination     => "$zone:$destination:25",
      proto           => 'tcp',
      destinationport => '25',
      ratelimit       => '-',
@@ -190,7 +190,7 @@ class firewall::vserver::mail($destination) {
    shorewall::rule { 'mail-2':
      action          => 'DNAT',
      source          => '$FW',
-    destination     => "fw:$destination:25",
+    destination     => "$zone:$destination:25",
      proto           => 'tcp',
      destinationport => '25',
      originaldest    => "$ipaddress",
@@ -201,7 +201,7 @@ class firewall::vserver::mail($destination) {
    shorewall::rule { 'mail-3':
      action          => 'DNAT',
      source          => 'net',
-    destination     => "fw:$destination:993",
+    destination     => "$zone:$destination:993",
      proto           => 'tcp',
      destinationport => '993',
      ratelimit       => '-',
@@ -211,7 +211,7 @@ class firewall::vserver::mail($destination) {
    shorewall::rule { 'mail-4':
      action          => 'DNAT',
      source          => '$FW',
-    destination     => "fw:$destination:993",
+    destination     => "$zone:$destination:993",
      proto           => 'tcp',
      destinationport => '993',
      originaldest    => "$ipaddress",
@@ -249,13 +249,13 @@ define firewall::vserver::ssh($destination, $port_orig = '22', $port_dest = '',
    }
  }
  
-define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $order = '400') {
+define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $order = '400', $zone = 'fw') {
    shorewall::rule { "munin-$name-1":
      action          => 'DNAT',
      source          => 'net',
      destination     => $port_dest ? {
-      ''      => "fw:$destination",
-      default => "fw:$destination:$port_dest",
+      ''      => "$zone:$destination",
+      default => "$zone:$destination:$port_dest",
      },
      proto           => 'tcp',
      destinationport => "$port_orig",
@@ -267,8 +267,8 @@ define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $orde
      action          => 'DNAT',
      source          => '$FW',
      destination     => $port_dest ? {
-      ''      => "fw:$destination",
-      default => "fw:$destination:$port_dest",
+      ''      => "$zone:$destination",
+      default => "$zone:$destination:$port_dest",
      },
      proto           => 'tcp',
      destinationport => "$port_orig",
author	Silvio Rhatto <rhatto@riseup.net>
	Tue, 16 Aug 2011 01:59:22 +0000 (22:59 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Tue, 16 Aug 2011 01:59:22 +0000 (22:59 -0300)
manifests/subsystems/firewall/router.pp		patch \| blob \| history
manifests/subsystems/firewall/vserver.pp		patch \| blob \| history