Diffstat (limited to 'manifests/rules/out')
| -rw-r--r-- | manifests/rules/out/managesieve.pp | 30 | ||||
| -rw-r--r-- | manifests/rules/out/pyzor.pp | 12 | ||||
| -rw-r--r-- | manifests/rules/out/razor.pp | 12 | 
3 files changed, 46 insertions, 8 deletions
diff --git a/manifests/rules/out/managesieve.pp b/manifests/rules/out/managesieve.pp
index b0e1c3d..c4147d4 100644
--- a/manifests/rules/out/managesieve.pp
+++ b/manifests/rules/out/managesieve.pp
@@ -1,11 +1,25 @@
-class shorewall::rules::out::managesieve {
+# manage outgoing traffic to managesieve
+class shorewall::rules::out::managesieve(
+  $legacy_port = false
+) {
+  shorewall::rule {
+    'me-net-tcp_managesieve':
+      source          =>      '$FW',
+      destination     =>      'net',
+      proto           =>      'tcp',
+      destinationport =>      '4190',
+      order           =>      260,
+      action          =>      'ACCEPT';
+  }
+  if $legacy_port {
     shorewall::rule {
-        'me-net-tcp_managesieve':
-            source          =>      '$FW',
-            destination     =>      'net',
-            proto           =>      'tcp',
-            destinationport =>      '2000',
-            order           =>      260,
-            action          =>      'ACCEPT';
+      'me-net-tcp_managesieve_legacy':
+        source          =>      '$FW',
+        destination     =>      'net',
+        proto           =>      'tcp',
+        destinationport =>      '2000',
+        order           =>      260,
+        action          =>      'ACCEPT';
     }
+  }
 }
diff --git a/manifests/rules/out/pyzor.pp b/manifests/rules/out/pyzor.pp
new file mode 100644
index 0000000..f4f5151
--- /dev/null
+++ b/manifests/rules/out/pyzor.pp
@@ -0,0 +1,12 @@
+# pyzor calls out on 24441
+# https://wiki.apache.org/spamassassin/NetTestFirewallIssues
+class shorewall::rules::out::pyzor {
+  shorewall::rule { 'me-net-udp_pyzor':
+    source          => '$FW',
+    destination     => 'net',
+    proto           => 'udp',
+    destinationport => '24441',
+    order           => 240,
+    action          => 'ACCEPT';
+  }
+}
diff --git a/manifests/rules/out/razor.pp b/manifests/rules/out/razor.pp
new file mode 100644
index 0000000..1f8397c
--- /dev/null
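Review bot: `$legacy_port` in the new class header is untyped, and the `if $legacy_port` guard opens outbound tcp/2000 on any truthy value, so a quoted string such as `'false'` coming from Hiera or an ENC would still enable the legacy rule. If the module targets Puppet 4 or later, declare it as `Boolean $legacy_port = false`; on older Puppet, a `validate_bool($legacy_port)` call from stdlib before the `if` gives the same guarantee. The header comment could also say what the flag does, e.g. `# $legacy_port: also allow the older managesieve port 2000`. Nodes that relied on the previous port 2000 rule lose it after this change unless they set the flag, which deserves a line in the commit description.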
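Review bot: `destination => 'net'` lets the firewall host send udp/24441 to every address in the `net` zone, which is wider than a Pyzor client needs since it only talks to its configured servers. A class parameter would let sites narrow the egress rule without forking the class: `class shorewall::rules::out::pyzor($destination = 'net') {` together with `destination => $destination,`, assuming `shorewall::rule` passes the value through to Shorewall's DEST column so that a `zone:address` form works. The same applies to the tcp/2703 rule in razor.pp and to both rules in managesieve.pp.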
+++ b/manifests/rules/out/razor.pp
@@ -0,0 +1,12 @@
+# razor calls out on 2703
+# https://wiki.apache.org/spamassassin/NetTestFirewallIssues
+class shorewall::rules::out::razor {
+  shorewall::rule { 'me-net-tcp_razor':
+    source          => '$FW',
+    destination     => 'net',
+    proto           => 'tcp',
+    destinationport => '2703',
+    order           => 240,
+    action          => 'ACCEPT';
+  }
+}  |
