From: mh Date: Tue, 1 Jan 2013 15:22:55 +0000 (+0100) Subject: make it possible to exent nets for ipsec X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=bcded0b6e2ed96e1f44058ba7e70a404a83c2c71;p=puppet-shorewall.git make it possible to exent nets for ipsec
---
diff --git a/manifests/rules/ipsec.pp b/manifests/rules/ipsec.pp
index 3e9db55..82adff0 100644
--- a/manifests/rules/ipsec.pp
+++ b/manifests/rules/ipsec.pp
@@ -1,7 +1,9 @@
-class shorewall::rules::ipsec {
+class shorewall::rules::ipsec(
+ $source = 'net'
+) {
 shorewall::rule {
 'net-me-ipsec-udp':
- source => 'net',
+ source => $shorewall::rules::ipsec::source,
 destination => '$FW',
 proto => 'udp',
 destinationport => '500',
@@ -9,20 +11,20 @@ class shorewall::rules::ipsec {
 action => 'ACCEPT';
 'me-net-ipsec-udp':
 source => '$FW',
- destination => 'net',
+ destination => $shorewall::rules::ipsec::source,
 proto => 'udp',
 destinationport => '500',
 order => 240,
 action => 'ACCEPT';
 'net-me-ipsec':
- source => 'net',
+ source => $shorewall::rules::ipsec::source,
 destination => '$FW',
 proto => 'esp',
 order => 240,
 action => 'ACCEPT';
 'me-net-ipsec':
 source => '$FW',
- destination => 'net',
+ destination => $shorewall::rules::ipsec::source,
 proto => 'esp',
 order => 240,
 action => 'ACCEPT';
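Review bot: The new `$source` parameter in the class header goes straight into the `source`/`destination` columns of four ACCEPT rules with no check on its value, and nothing documents what it may contain. An empty or misspelled value would presumably reach the generated Shorewall rules file unchanged (the `shorewall::rule` define is not visible here), so a guard at the top of the class such as `if $source == '' { fail('shorewall::rules::ipsec: source must name a zone') }` would catch the worst case at compile time. I would also add a header comment, e.g. `# $source: Shorewall zone (optionally zone:host-list) allowed to exchange IKE (udp/500) and ESP with the firewall; defaults to 'net'`. The class body continues past the end of this hunk.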
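Review bot: In the two outbound rules (`me-net-ipsec-udp` and `me-net-ipsec`) the `destination` column is now filled from a parameter called `source`, and all four rule titles still say `net` even when a different zone is configured. That makes the resulting firewall policy harder to audit, because a title like `me-net-ipsec` may then describe traffic to some other zone. A direction-neutral name such as `$zone` (keeping `'net'` as the default) would read better, together with a one-line comment above the resource, `# the same peer zone is used for both directions`. The resource declaration starts before this hunk and its closing brace is not shown.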