added $shorewall_startup variable to disable startup, enabled by default

1951c8a7 · Varac · e7a5ffbb · 1951c8a7 · 1951c8a7 · 1951c8a7
Commit 1951c8a7 authored Dec 10, 2009 by Varac
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 1 deletion

README README +1 -0

manifests/debian.pp manifests/debian.pp +2 -1

templates/debian_default.erb templates/debian_default.erb +6 -0

No files found.
--- a/README
+++ b/README
@@ -21,6 +21,7 @@ Example
 Example from node.pp:

 node xy {
+	$shorewall_startup="0"  # create shorewall ruleset but don't startup
 	include config::site-shorewall
 	shorewall::rule {
 		'incoming-ssh': source => 'all', destination => '$FW',  action  => 'SSH/ACCEPT', order => 200;

--- a/manifests/debian.pp
+++ b/manifests/debian.pp
 class shorewall::debian inherits shorewall::base {
    file{'/etc/default/shorewall':
-        source => "puppet://$server/modules/shorewall/debian/default",
+        #source => "puppet://$server/modules/shorewall/debian/default",
+	content => template("shorewall/debian_default.erb"),
        require => Package['shorewall'],
        notify => Service['shorewall'],
        owner => root, group => 0, mode => 0644;

--- a/files/debian/default
+++ b/files/debian/default
 # prevent startup with default configuration
 # set the following varible to 1 in order to allow Shorewall to start

+# This file is brought to you by puppet
+
+<% if (shorewall_startup == "0" ) -%>
+startup=0
+<% else -%>
 startup=1
+<% end -%>

 # if your Shorewall configuration requires detection of the ip address of a ppp
 # interface, you must list such interfaces in "wait_interface" to get Shorewall to