Move the single ipsec tunnel we have to my new system.
diff --git a/modules/ipsec/templates/ferm.erb b/modules/ipsec/templates/ferm.erb
deleted file mode 100644 (file)
index 82b8a6b..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-##
-
-<%
-config = YAML.load(@ipsec_config)
-
-unless config.keys.include?(@fqdn) then
-       fail("Host #{@fqdn} not found in ipsec config.")
-end
-
-peers = []
-config.keys.each do |host|
-       next if @fqdn == host
-       peers << config[host]['address']
-end
-%>
-
-domain ip table filter {
-  chain ipsec-peers {
-    saddr (<%= peers.join(" ")  %>) ACCEPT;
-  }
-
-  chain INPUT {
-    proto udp dport (isakmp) jump ipsec-peers;
-    proto esp                jump ipsec-peers;
-  }
-}