Commit b7d335f2 authored by mh's avatar mh

migrate ipsec rules to a define so we can specify multiple zones

parent a4f0b91e
class shorewall::rules::ipsec( # manage ipsec rules for zone specified in
$source = 'net' # $name
) { define shorewall::rules::ipsec() {
shorewall::rule { shorewall::rule {
'net-me-ipsec-udp': "${name}-me-ipsec-udp":
source => $shorewall::rules::ipsec::source, source => $name,
destination => '$FW', destination => '$FW',
proto => 'udp', proto => 'udp',
destinationport => '500', destinationport => '500',
order => 240, order => 240,
action => 'ACCEPT'; action => 'ACCEPT';
'me-net-ipsec-udp': "me-${name}-ipsec-udp":
source => '$FW', source => '$FW',
destination => $shorewall::rules::ipsec::source, destination => $name
proto => 'udp', proto => 'udp',
destinationport => '500', destinationport => '500',
order => 240, order => 240,
action => 'ACCEPT'; action => 'ACCEPT';
'net-me-ipsec': "${name}-me-ipsec":
source => $shorewall::rules::ipsec::source, source => $name
destination => '$FW', destination => '$FW',
proto => 'esp', proto => 'esp',
order => 240, order => 240,
action => 'ACCEPT'; action => 'ACCEPT';
'me-net-ipsec': "me-${name}-ipsec":
source => '$FW', source => '$FW',
destination => $shorewall::rules::ipsec::source, destination => $name,
proto => 'esp', proto => 'esp',
order => 240, order => 240,
action => 'ACCEPT'; action => 'ACCEPT';
} }
} }
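Review bot: Two attribute lines on the new side have lost their trailing comma: `destination => $name` in the `"me-${name}-ipsec-udp"` rule and `source => $name` in the `"${name}-me-ipsec"` rule are each followed directly by `proto => ...`. Puppet requires a comma between attributes, so the manifest should fail to parse as written, and a host whose catalog no longer compiles will not receive these or any other firewall rule changes. Write them as `destination => $name,` and `source => $name,`. Since the resource title is now used verbatim as the shorewall zone, the header comment could also state that `$name` must be a zone defined in shorewall's zones file.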