Diffstat (limited to 'manifests/rules/out')
| -rw-r--r-- | manifests/rules/out/ekeyd.pp | 4 | ||||
| -rw-r--r-- | manifests/rules/out/ibackup.pp | 23 | ||||
| -rw-r--r-- | manifests/rules/out/irc.pp | 10 | ||||
| -rw-r--r-- | manifests/rules/out/ircs.pp | 10 | ||||
| -rw-r--r-- | manifests/rules/out/munin.pp | 16 | ||||
| -rw-r--r-- | manifests/rules/out/puppet.pp | 30 | ||||
| -rw-r--r-- | manifests/rules/out/xmpp.pp | 10 | 
7 files changed, 70 insertions, 33 deletions
|
diff --git a/manifests/rules/out/ekeyd.pp b/manifests/rules/out/ekeyd.pp
index 858dca4..8acdaad 100644
--- a/manifests/rules/out/ekeyd.pp
+++ b/manifests/rules/out/ekeyd.pp
@@ -1,7 +1,7 @@
-define shorewall::rules::out::ekeyd($ekeyd_host) {
+define shorewall::rules::out::ekeyd($host) {
   shorewall::rule { "me-${name}-tcp_ekeyd":
     source          => '$FW',
-    destination     => "${name}:${ekeyd_host}",
+    destination     => "${name}:${host}",
     proto           => 'tcp',
     destinationport => '8888',
     order           => 240,
diff --git a/manifests/rules/out/ibackup.pp b/manifests/rules/out/ibackup.pp
index ec12c8b..856bcdb 100644
--- a/manifests/rules/out/ibackup.pp
+++ b/manifests/rules/out/ibackup.pp
@@ -1,13 +1,12 @@
-class shorewall::rules::out::ibackup {
-    case $shorewall_ibackup_host {
-      '': { fail("You need to define \$shorewall_ibackup_host for ${fqdn}") }
-    }
-    shorewall::rule { 'me-net-tcp_backupssh':
-        source          => '$FW',
-        destination     => "net:${shorewall_ibackup_host}",
-        proto           => 'tcp',
-        destinationport => 'ssh',
-        order           => 240,
-        action          => 'ACCEPT';
-    }
+class shorewall::rules::out::ibackup(
+  $backup_host
+){
+  shorewall::rule { 'me-net-tcp_backupssh':
+    source          => '$FW',
+    destination     => "net:${backup_host}",
+    proto           => 'tcp',
+    destinationport => 'ssh',
+    order           => 240,
+    action          => 'ACCEPT';
+  }
 }
diff --git a/manifests/rules/out/irc.pp b/manifests/rules/out/irc.pp
new file mode 100644
index 0000000..9c8590a
--- /dev/null
+++ b/manifests/rules/out/irc.pp
@@ -0,0 +1,10 @@
+class shorewall::rules::out::irc {
+    shorewall::rule{'me-net-irc-tcp':
+        source          => '$FW',
+        destination     => 'net',
+        proto           => 'tcp',
+        destinationport => '6667',
+        order           => 240,
+        action          => 'ACCEPT';
+    }
+}
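Review bot: The rewritten `shorewall::rules::out::ibackup` drops the old `fail()` guard, so nothing in the class rejects an empty `$backup_host` any more. A missing parameter still aborts compilation because there is no default, but an empty string supplied by the caller would be rendered as `destination => "net:"`, and whether Shorewall rejects that or treats it as something wider than one host is not visible from this manifest. Keeping an explicit check ahead of the rule, for example `if $backup_host == '' { fail("You need to define backup_host for ${::fqdn}") }`, preserves the previous fail-closed behaviour.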
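Review bot: In the new irc.pp the rule `me-net-irc-tcp` accepts outbound TCP 6667 from `$FW` to the whole `net` zone, and the class offers no way to narrow the destination. The new ircs.pp and xmpp.pp classes have the same shape. That is broader egress than the per-host rules ekeyd and ibackup use in this same commit; a class parameter such as `$destination = 'net'`, used as `destination => $destination,`, would keep today's default while letting a node restrict the rule to its known servers. These three new files are also indented with 4 spaces, while the files reformatted in this commit moved to 2.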
diff --git a/manifests/rules/out/ircs.pp b/manifests/rules/out/ircs.pp
new file mode 100644
index 0000000..a71585d
--- /dev/null
+++ b/manifests/rules/out/ircs.pp
@@ -0,0 +1,10 @@
+class shorewall::rules::out::ircs {
+    shorewall::rule{'me-net-ircs-tcp':
+        source          => '$FW',
+        destination     => 'net',
+        proto           => 'tcp',
+        destinationport => '6669',
+        order           => 240,
+        action          => 'ACCEPT';
+    }
+}
diff --git a/manifests/rules/out/munin.pp b/manifests/rules/out/munin.pp
index 7b0a015..004a3d5 100644
--- a/manifests/rules/out/munin.pp
+++ b/manifests/rules/out/munin.pp
@@ -1,10 +1,10 @@
 class shorewall::rules::out::munin {
-    shorewall::rule { 'me-net-rcp_muninhost':
-        source          => '$FW',
-        destination     => 'net',
-        proto           => 'tcp',
-        destinationport => '4949',
-        order           => 340,
-        action          => 'ACCEPT';
-    }
+  shorewall::rule { 'me-net-rcp_muninhost':
+    source          => '$FW',
+    destination     => 'net',
+    proto           => 'tcp',
+    destinationport => '4949',
+    order           => 340,
+    action          => 'ACCEPT';
+  }
 }
diff --git a/manifests/rules/out/puppet.pp b/manifests/rules/out/puppet.pp
index 5cd4643..cbe8cce 100644
--- a/manifests/rules/out/puppet.pp
+++ b/manifests/rules/out/puppet.pp
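Review bot: `destinationport => '6669'` in the new ircs.pp looks like a transposition of 6697, the port conventionally used for IRC over TLS; 6669 sits in the plaintext IRC range. If the class name means TLS-protected IRC, the line should read `destinationport => '6697',`, since as written a client using TLS on 6697 would presumably still be blocked while a plaintext port is opened instead. If 6669 is deliberate, a one-line comment naming the server convention it follows would settle the question for the next reader.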
@@ -1,12 +1,20 @@
-class shorewall::rules::out::puppet {
-    include ::shorewall::rules::puppet
-    # we want to connect to the puppet server
-    shorewall::rule { 'me-net-puppet_tcp':
-        source          =>      '$FW',
-        destination     =>      'net:$PUPPETSERVER',
-        proto           =>      'tcp',
-        destinationport =>      '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT',
-        order           =>      340,
-        action          =>      'ACCEPT';
-    }
+class shorewall::rules::out::puppet(
+  $puppetserver = "puppet.${::domain}",
+  $puppetserver_port = 8140,
+  $puppetserver_signport = 8141
+) {
+  class{'shorewall::rules::puppet':
+    puppetserver          => $puppetserver,
+    puppetserver_port     => $puppetserver_port,
+    puppetserver_signport => $puppetserver_signport,
+  }
+  # we want to connect to the puppet server
+  shorewall::rule { 'me-net-puppet_tcp':
+    source          =>      '$FW',
+    destination     =>      'net:$PUPPETSERVER',
+    proto           =>      'tcp',
+    destinationport =>      '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT',
+    order           =>      340,
+    action          =>      'ACCEPT';
+  }
 }
diff --git a/manifests/rules/out/xmpp.pp b/manifests/rules/out/xmpp.pp
new file mode 100644
index 0000000..a1b4577
--- /dev/null
+++ b/manifests/rules/out/xmpp.pp
@@ -0,0 +1,10 @@
+class shorewall::rules::out::xmpp {
+    shorewall::rule{'me-net-xmpp-tcp':
+        source          => '$FW',
+        destination     => 'net',
+        proto           => 'tcp',
+        destinationport => '5222',
+        order           => 240,
+        action          => 'ACCEPT';
+    }
+}
|
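Review bot: The resource-like declaration `class{'shorewall::rules::puppet': ...}` in puppet.pp replaces an `include`, and Puppet accepts a resource-like declaration of a class only once per catalog. If any other class also declares shorewall::rules::puppet (not visible in this diff), compilation can fail with a duplicate declaration or become dependent on evaluation order. Separately, the three new parameters never appear in the `me-net-puppet_tcp` rule, which still references the Shorewall variables `$PUPPETSERVER`, `$PUPPETSERVER_PORT` and `$PUPPETSERVER_SIGN_PORT`. A comment above the rule such as `# $PUPPETSERVER* are Shorewall params, presumably set by shorewall::rules::puppet from the class parameters` would make that dependency explicit, so a later edit does not leave the rule pointing at undefined or stale values.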
