Commit 054ccc9e authored by Micah's avatar Micah

Merge branch '5.x' into 'master'

changes needed for 5.x

See merge request !7
parents f560a426 50acce5d
Facter.add("shorewall_major_version") do
setcode do
Facter::Util::Resolution.exec('shorewall version').split('.').first || nil
end
end
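Review bot: The `setcode` block calls `.split` directly on the return value of `Facter::Util::Resolution.exec('shorewall version')`, which can be nil when the `shorewall` binary is not installed or the command fails (the exact behaviour depends on the Facter version). In that case the resolution raises NoMethodError instead of leaving the fact undefined, and the trailing `|| nil` does not guard against it and is redundant. Capturing the output first, `out = Facter::Util::Resolution.exec('shorewall version')` followed by `out.split('.').first if out`, keeps the fact cleanly absent. A short comment such as `# Major version of the installed shorewall; undefined when shorewall is not installed` would tell consumers that they must handle the missing case.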
# Manage blrules. For additional information type "man shorewall-blrules"
#
# Sample Usage:
#
# shorewall::interface { 'br0':
# zone => 'net',
# rfc1918 => true,
# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
# }
#
# class { 'shorewall::blrules':
# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge',
# whitelists => [
# "net:10.0.0.1,192.168.0.1 all",
# ],
#
# drops => [
# 'net all tcp 22', #ssh
# ],
# }
class shorewall::blrules (
$whitelists,
$drops,
) {
file{'/etc/shorewall/puppet/blrules':
content => template('shorewall/blrules.erb'),
require => Package['shorewall'],
notify => Service['shorewall'],
owner => root,
group => 0,
mode => '0644';
}
}
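Review bot: The sample usage in the header comment passes `options => 'tcpflags,blacklist,...'` to `class { 'shorewall::blrules': }`, but the class declares only `$whitelists` and `$drops`, so copying the example should fail catalog compilation with an invalid-parameter error. Remove the `options` line from the example and document the two real parameters, for instance `# $whitelists: array of blrules entries written as WHITELIST lines` and `# $drops: array of blrules entries written as blocking lines by blrules.erb`. Both values go verbatim into a firewall rules file and the template iterates them with `.each`, so checking that they are arrays at the top of the class (for example with `validate_array` if stdlib is available to this module) would turn a mistyped string into a clear error rather than a broken or partial blacklist.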
define shorewall::rule_section(
$order
){
if versioncmp($shorewall_major_version,'4') > 0 {
$rule_section_prefix = '?'
} else {
$rule_section_prefix = ''
}
shorewall::entry{"rules-${order}-${name}":
line => "SECTION ${name}",
line => "${rule_section_prefix}SECTION ${name}",
}
}
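Review bot: `versioncmp($shorewall_major_version,'4')` reads the fact without handling the case where it is undefined, which is presumably what a node reports on the run that first installs shorewall, before the binary exists. Depending on the Puppet version, an undefined value either compares as lower than '4', so the rules file gets the unprefixed `SECTION ${name}` line even when a 5.x package is about to be installed, or it makes `versioncmp` fail the catalog. Either way the firewall configuration may not load as intended on that run. Consider referencing the fact explicitly as `$::shorewall_major_version` and branching on the undefined case before the comparison, with a comment stating which prefix is the default and why.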
#
# Shorewall version 4.4 - Rule-based Blacklisting
#
# For information about entries in this file, type "man shorewall-blrules"
#
# Please see http://shorewall.net/blacklisting_support.htm for additional
# information.
#
###############################################################################
<% @whitelists.each do |value| -%>
WHITELIST <%= value %>
<% end -%>
<% @drops.each do |value| -%>
REJECT <%= value %>
<% end -%>
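Review bot: Entries from `@drops` are emitted as `REJECT <%= value %>` rather than `DROP`, so a parameter whose name promises a silent discard produces a rule that answers the sender. For a blacklist the difference is relevant, because a REJECT response confirms to the blocked host that the address is live and filtered. Either emit `DROP <%= value %>` or rename and document the parameter so operators know which action they are getting. The file header still reads "Shorewall version 4.4" in a change aimed at 5.x, which is worth updating at the same time.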