Commit b7d335f2 authored by mh's avatar mh

migrate ipsec rules to a define so we can specify multiple zones

parent a4f0b91e
class shorewall::rules::ipsec(
$source = 'net'
) {
shorewall::rule {
'net-me-ipsec-udp':
source => $shorewall::rules::ipsec::source,
destination => '$FW',
proto => 'udp',
destinationport => '500',
order => 240,
action => 'ACCEPT';
'me-net-ipsec-udp':
source => '$FW',
destination => $shorewall::rules::ipsec::source,
proto => 'udp',
destinationport => '500',
order => 240,
action => 'ACCEPT';
'net-me-ipsec':
source => $shorewall::rules::ipsec::source,
destination => '$FW',
proto => 'esp',
order => 240,
action => 'ACCEPT';
'me-net-ipsec':
source => '$FW',
destination => $shorewall::rules::ipsec::source,
proto => 'esp',
order => 240,
action => 'ACCEPT';
}
# manage ipsec rules for zone specified in
# $name
define shorewall::rules::ipsec() {
shorewall::rule {
"${name}-me-ipsec-udp":
source => $name,
destination => '$FW',
proto => 'udp',
destinationport => '500',
order => 240,
action => 'ACCEPT';
"me-${name}-ipsec-udp":
source => '$FW',
destination => $name
proto => 'udp',
destinationport => '500',
order => 240,
action => 'ACCEPT';
"${name}-me-ipsec":
source => $name
destination => '$FW',
proto => 'esp',
order => 240,
action => 'ACCEPT';
"me-${name}-ipsec":
source => '$FW',
destination => $name,
proto => 'esp',
order => 240,
action => 'ACCEPT';
}
}
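Review bot: Two of the new resource bodies are missing the comma after `$name`, so the manifest will not parse: `destination => $name` in `"me-${name}-ipsec-udp"` and `source => $name` in `"${name}-me-ipsec"` should read `destination => $name,` and `source => $name,`. The removed class had a `$source` parameter defaulting to `'net'`, and the define carries no equivalent default, so any node that previously declared the class presumably has to be switched to `shorewall::rules::ipsec { 'net': }` or it silently loses the UDP/500 and ESP accept rules for that zone; a comment above the define naming that migration, e.g. `# replaces class shorewall::rules::ipsec; declare once per zone: shorewall::rules::ipsec { 'net': }`, would make the change safe to roll out. The single-quoted `'$FW'` is correct here since Shorewall expects the literal `$FW` zone token and the quoting prevents Puppet interpolation, but a short comment on the first `destination => '$FW'` line saying so would stop a later maintainer from "fixing" it into double quotes.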