Commit bcded0b6 authored by mh's avatar mh

make it possible to exent nets for ipsec

parent b2499eb8
class shorewall::rules::ipsec { class shorewall::rules::ipsec(
$source = 'net'
) {
shorewall::rule { shorewall::rule {
'net-me-ipsec-udp': 'net-me-ipsec-udp':
source => 'net', source => $shorewall::rules::ipsec::source,
destination => '$FW', destination => '$FW',
proto => 'udp', proto => 'udp',
destinationport => '500', destinationport => '500',
...@@ -9,20 +11,20 @@ class shorewall::rules::ipsec { ...@@ -9,20 +11,20 @@ class shorewall::rules::ipsec {
action => 'ACCEPT'; action => 'ACCEPT';
'me-net-ipsec-udp': 'me-net-ipsec-udp':
source => '$FW', source => '$FW',
destination => 'net', destination => $shorewall::rules::ipsec::source,
proto => 'udp', proto => 'udp',
destinationport => '500', destinationport => '500',
order => 240, order => 240,
action => 'ACCEPT'; action => 'ACCEPT';
'net-me-ipsec': 'net-me-ipsec':
source => 'net', source => $shorewall::rules::ipsec::source,
destination => '$FW', destination => '$FW',
proto => 'esp', proto => 'esp',
order => 240, order => 240,
action => 'ACCEPT'; action => 'ACCEPT';
'me-net-ipsec': 'me-net-ipsec':
source => '$FW', source => '$FW',
destination => 'net', destination => $shorewall::rules::ipsec::source,
proto => 'esp', proto => 'esp',
order => 240, order => 240,
action => 'ACCEPT'; action => 'ACCEPT';
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment