Merge remote-tracking branch 'intrigeri/feature/libvirt-host'

06c50587 · Micah Anderson · 25cea9a4 · ddb4e09e · 06c50587
Commit 06c50587 authored Jun 14, 2013 by Micah Anderson
--- a/manifests/rules/libvirt/host.pp
+++ b/manifests/rules/libvirt/host.pp
 class shorewall::rules::libvirt::host (
-  $vmz        = 'vmz',
-  $masq_iface = 'eth0',
+  $vmz           = 'vmz',
+  $masq_iface    = 'eth0',
+  $debproxy_port = 8000,
  ) {

  define shorewall::rule::accept::from_vmz (
-    $proto = '-', $destinationport = '-', $action = 'ACCEPT' ) {
-      shorewall::rule { "$name":
-        source => $vmz, destination => '$FW', order => 300,
-        proto => $proto, destinationport => $destinationport, action => $action;
+    $proto           = '-',
+    $destinationport = '-',
+    $action          = 'ACCEPT'
+    ) {
+      shorewall::rule { $name:
+        source          => $shorewall::rules::libvirt::host::vmz,
+        destination     => '$FW',
+        order           => 300,
+        proto           => $proto,
+        destinationport => $destinationport,
+        action          => $action;
      }
    }

@@ -31,16 +39,30 @@ class shorewall::rules::libvirt::host (
  }

  shorewall::rule::accept::from_vmz {
-    'accept_dns_from_vmz':      action => 'DNS(ACCEPT)';
-    'accept_tftp_from_vmz':     action => 'TFTP(ACCEPT)';
-    'accept_debproxy_from_vmz': proto => 'tcp', destinationport => '8000', action => 'ACCEPT';
-    'accept_puppet_from_vmz':   proto => 'tcp', destinationport => '8140', action => 'ACCEPT';
+    'accept_dns_from_vmz':
+      action          => 'DNS(ACCEPT)';
+    'accept_tftp_from_vmz':
+      action          => 'TFTP(ACCEPT)';
+    'accept_puppet_from_vmz':
+      proto           => 'tcp',
+      destinationport => '8140',
+      action          => 'ACCEPT';
  }

-  shorewall::masq {
-    "masq-${masq_iface}":
-      interface => "$masq_iface",
-      source => '10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16';
+  if $debproxy_port {
+    shorewall::rule::accept::from_vmz { 'accept_debproxy_from_vmz':
+      proto           => 'tcp',
+      destinationport => $debproxy_port,
+      action          => 'ACCEPT';
+    }
+  }
+
+  if $masq_iface {
+    shorewall::masq {
+      "masq-${masq_iface}":
+        interface => $masq_iface,
+        source    => '10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16';
+    }
  }

 }