Merge branch '5.x-2' into 'master'

5.x changes part 2

See merge request !8

README.md

@@ -186,8 +186,7 @@ Example from node.pp:
 
       shorewall::interface { 'eth0':
         zone    => 'net',
-        rfc1918  => true,
-        options => 'tcpflags,blacklist,nosmurfs';
+        options => 'tcpflags,nosmurfs';
       }
 
       shorewall::policy {

files/boilerplate/blacklist.footer

-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

files/boilerplate/blacklist.header

-#
-# Shorewall version 3.4 - Blacklist File
-#
-# For information about entries in this file, type "man shorewall-blacklist"
-#
-# Please see http://shorewall.net/blacklisting_support.htm for additional
-# information.
-#
-###############################################################################
-#ADDRESS/SUBNET         PROTOCOL        PORT

files/boilerplate/params.header

@@ -13,7 +13,7 @@
 #
 #               NET_IF=eth0
 #               NET_BCAST=130.252.100.255
-#               NET_OPTIONS=routefilter,norfc1918
+#               NET_OPTIONS=routefilter
 #
 #       Example (/etc/shorewall/interfaces record):
 #
@@ -21,6 +21,6 @@
 #
 #       The result will be the same as if the record had been written
 #
-#               net     eth0            130.252.100.255 routefilter,norfc1918
+#               net     eth0            130.252.100.255 routefilter
 #
 ###############################################################################

files/boilerplate/started.header

 #
-# Shorewall version 4 - Started File
+# Shorewall -- /etc/shorewall/started
 #
-# /etc/shorewall/started
+# Add commands below that you want to be executed after shorewall has
+# been completely started, reloaded or restarted. The difference between
+# this extension script and /etc/shorewall/start is that this one is
+# invoked after the 'shorewall' chain has been created (thus
+# signaling that the firewall is completely up).
 #
-#	Add commands below that you want to be executed after shorewall has
-#	been completely started or restarted. The difference between this
-#	extension script and /etc/shorewall/start is that this one is invoked
-#	after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
-#	after the 'shorewall' chain has been created (thus signaling that the
-#	firewall is completely up).
-#
-#	This script should not change the firewall configuration directly but
-#	may do so indirectly by running /sbin/shorewall with the 'nolock'
-#	option.
+# This script should not change the firewall configuration directly but
+# may do so indirectly by running /sbin/shorewall with the 'nolock'
+# option.
 #
 # See http://shorewall.net/shorewall_extension_scripts.htm for additional
 # information.
 #
 ###############################################################################
+

manifests/blacklist.pp

-define shorewall::blacklist(
-    $proto = '-',
-    $port = '-',
-    $order='100'
-){
-    shorewall::entry{"blacklist-${order}-${name}":
-        line => "${name} ${proto} ${port}",
-    }           
-}

manifests/blrules.pp

@@ -4,12 +4,11 @@
 #
 #  shorewall::interface { 'br0':
 #    zone    => 'net',
-#    rfc1918  => true,
-#    options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
+#    options => 'tcpflags,nosmurfs,routeback,bridge';
 #  }
 #
 #  class { 'shorewall::blrules':
-#    options         => 'tcpflags,blacklist,nosmurfs,routeback,bridge',
+#    options         => 'tcpflags,nosmurfs,routeback,bridge',
 #    whitelists    =>  [
 #                          "net:10.0.0.1,192.168.0.1 all",
 #                        ],

manifests/host.pp

 define shorewall::host(
     $zone,
-    $options = 'tcpflags,blacklist,norfc1918',
+    $options = 'tcpflags',
     $order='100'
 ){
     shorewall::entry{"hosts-${order}-${name}":

manifests/init.pp

@@ -27,10 +27,6 @@ class shorewall(
   $proxyarp_defaults          = {},
   $nat                        = {},
   $nat_defaults               = {},
-  $blacklist                  = {},
-  $blacklist_defaults         = {},
-  $rfc1918                    = {},
-  $rfc1918_defaults           = {},
   $routestopped               = {},
   $routestopped_defaults      = {},
   $params                     = {},
@@ -76,10 +72,6 @@ class shorewall(
       'proxyarp',
       # See http://www.shorewall.net/3.0/Documentation.htm#NAT
       'nat',
-      # See http://www.shorewall.net/3.0/Documentation.htm#Blacklist
-      'blacklist',
-      # See http://www.shorewall.net/3.0/Documentation.htm#rfc1918
-      'rfc1918',
       # See http://www.shorewall.net/3.0/Documentation.htm#Routestopped
       'routestopped',
       # See http://www.shorewall.net/3.0/Documentation.htm#Variables
@@ -110,8 +102,6 @@ class shorewall(
   create_resources('shorewall::masq',$masq,$masq_defaults)
   create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
   create_resources('shorewall::nat',$nat,$nat_defaults)
-  create_resources('shorewall::blacklist',$blacklist,$blacklist_defaults)
-  create_resources('shorewall::rfc1918',$rfc1918,$rfc1918_defaults)
   create_resources('shorewall::routestopped',$routestopped,
     $routestopped_defaults)
   create_resources('shorewall::params',$params,$params_defaults)

manifests/interface.pp

 define shorewall::interface(
     $zone,
     $broadcast = 'detect',
-    $options = 'tcpflags,blacklist,routefilter,nosmurfs,logmartians',
+    $options = 'tcpflags,routefilter,nosmurfs,logmartians',
     $add_options = '',
-    $rfc1918 = false,
     $dhcp = false,
     $order = 100
 ){
@@ -17,13 +16,8 @@ define shorewall::interface(
         default => ',dhcp',
     }
 
-    $rfc1918_opt = $rfc1918 ? {
-        false   => ',norfc1918',
-        default => '',
-    }
-
     shorewall::entry { "interfaces-${order}-${name}":
-        line => "${zone} ${name} ${broadcast} ${options}${dhcp_opt}${rfc1918_opt}${added_opts}",
+        line => "${zone} ${name} ${broadcast} ${options}${dhcp_opt}${added_opts}",
     }
 }
 

manifests/rfc1918.pp

-define shorewall::rfc1918(
-    $action = 'logdrop',
-    $order='100'
-){
-    shorewall::entry{"rfc1918-${order}-${name}":
-        line => "${name} ${action}"
-    }   
-}