projects / mirror / dsa-puppet.git / blob
? search:


82b8a6bcb1aab1624e65aa34d0dec41d01bd71e7
[mirror/dsa-puppet.git] / modules / ipsec / templates / ferm.erb
1 ##
2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
3 ##
4
5 <%
6 config = YAML.load(@ipsec_config)
7
8 unless config.keys.include?(@fqdn) then
9         fail("Host #{@fqdn} not found in ipsec config.")
10 end
11
12 peers = []
13 config.keys.each do |host|
14         next if @fqdn == host
15         peers << config[host]['address']
16 end
17 %>
18
19 domain ip table filter {
20   chain ipsec-peers {
21     saddr (<%= peers.join(" ")  %>) ACCEPT;
22   }
23
24   chain INPUT {
25     proto udp dport (isakmp) jump ipsec-peers;
26     proto esp                jump ipsec-peers;
27   }
28 }
Unnamed repository; edit this file 'description' to name the repository.