2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
6 config = YAML.load(@ipsec_config)
8 unless config.keys.include?(@fqdn) then
9 fail("Host #{@fqdn} not found in ipsec config.")
13 config.keys.each do |host|
15 peers << config[host]['address']
19 domain ip table filter {
21 saddr (<%= peers.join(" ") %>) ACCEPT;
25 proto udp dport (isakmp) jump ipsec-peers;
26 proto esp jump ipsec-peers;