diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2022-01-08 15:50:26 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2022-01-08 15:50:26 -0300 |
| commit | 3d1cf84f39fece3f2a9f8b7247a792212eb81177 (patch) | |
| tree | f1fa5ca591908d363d13d30256f7af3b242d2d6b /manifests/local.pp | |
| parent | 55fa862bae8e2582e5ac0c008a0bb0ec53d9bfff (diff) | |
| download | puppet-firewall-3d1cf84f39fece3f2a9f8b7247a792212eb81177.tar.gz puppet-firewall-3d1cf84f39fece3f2a9f8b7247a792212eb81177.tar.bz2 | |
Feat: major refactor
Diffstat (limited to 'manifests/local.pp')
| -rw-r--r-- | manifests/local.pp | 44 |
1 files changed, 6 insertions, 38 deletions
diff --git a/manifests/local.pp b/manifests/local.pp index a44b9b8..7f0faf4 100644 --- a/manifests/local.pp +++ b/manifests/local.pp @@ -1,47 +1,15 @@ class firewall::local( + $implementation = lookup('firewall::implementation', undef, undef, 'shorewall'), $network = lookup('firewall::local::network', undef, undef, '192.168.1.0/24'), $interface = lookup('firewall::local::interface', undef, undef, 'eth0'), $manage_host = lookup('firewall::local::manage_host', undef, undef, true), $manage_interface = lookup('firewall::local::manage_iface', undef, undef, false) ) { - if $manage_host { - shorewall::host { "$interface-loc": - name => "$interface:$network", - zone => 'loc', - options => '', - order => 3, - } + class { "firewall::implementations::${implementation}::local": + network => $network, + interface => $interface, + manage_host => $manage_host, + manage_interface => $manage_interface, } - - if $manage_interface { - shorewall::interface { "$interface": - zone => 'loc', - rfc1918 => true, - dhcp => true, - options => 'routeback', - } - } - - shorewall::policy { 'loc-all': - sourcezone => 'loc', - destinationzone => 'all', - policy => 'ACCEPT', - order => 5, - } - - shorewall::policy { 'vm-loc': - sourcezone => 'vm', - destinationzone => 'loc', - policy => 'ACCEPT', - order => 6, - } - - shorewall::policy { 'fw-loc': - sourcezone => '$FW', - destinationzone => 'loc', - policy => 'ACCEPT', - order => 7, - } - } |