Diffstat (limited to 'puppet/modules/site_shorewall')
-rw-r--r--puppet/modules/site_shorewall/files/Debian/shorewall.service23
-rw-r--r--puppet/modules/site_shorewall/manifests/defaults.pp16
-rw-r--r--puppet/modules/site_shorewall/manifests/obfsproxy.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/service/webapp_api.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/sshd.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/tor.pp3
6 files changed, 45 insertions, 6 deletions
diff --git a/puppet/modules/site_shorewall/files/Debian/shorewall.service b/puppet/modules/site_shorewall/files/Debian/shorewall.service
new file mode 100644
index 00000000..ec250ef1
--- /dev/null
+++ b/puppet/modules/site_shorewall/files/Debian/shorewall.service
@@ -0,0 +1,23 @@
+#
+# The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#
+# Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
+# Copyright 2015 Tom Eastep <teastep@shorewall.net>
+#
+[Unit]
+Description=Shorewall IPv4 firewall
+Wants=network-online.target
+After=network-online.target
+Conflicts=iptables.service firewalld.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=-/etc/default/shorewall
+StandardOutput=syslog
+ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall $OPTIONS stop
+ExecReload=/sbin/shorewall $OPTIONS reload $RELOADOPTIONS
+
+[Install]
+WantedBy=basic.target
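Review bot: With `Wants=network-online.target` and `After=network-online.target`, this unit loads the ruleset only after the interfaces are already up, so on its own it leaves a window at boot where the host is reachable before any filtering is in place. The defaults.pp context in this same commit shows shorewall-init being configured with `PRODUCTS shorewall`, which presumably closes the firewall before networking starts, but the unit does not say so. I would add a header comment such as `# Rules are loaded after network-online; early-boot protection relies on shorewall-init being enabled` so that nobody removes shorewall-init later on the assumption that this unit covers boot.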
diff --git a/puppet/modules/site_shorewall/manifests/defaults.pp b/puppet/modules/site_shorewall/manifests/defaults.pp
index 8f56ac42..ceb17868 100644
--- a/puppet/modules/site_shorewall/manifests/defaults.pp
+++ b/puppet/modules/site_shorewall/manifests/defaults.pp
@@ -47,6 +47,18 @@ class site_shorewall::defaults {
ensure => installed
}
+ include ::systemd
+ file { '/etc/systemd/system/shorewall.service':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => 'puppet:///modules/site_shorewall/Debian/shorewall.service',
+ require => Package['shorewall'],
+ notify => Service['shorewall'],
+ } ~>
+ Exec['systemctl-daemon-reload']
+
augeas {
# stop instead of clear firewall on shutdown
'shorewall_SAFESTOP':
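Review bot: The new `file` resource notifies both `Service['shorewall']` and `Exec['systemctl-daemon-reload']`, but nothing visible here orders the exec before the service, so Puppet may restart shorewall before systemd has re-read the unit file. Unless the `::systemd` module already declares that ordering, the first run after a unit change could start the firewall from the stale definition. Making the dependency explicit would avoid that: `} ~> Exec['systemctl-daemon-reload'] -> Service['shorewall']`. The class body continues outside this hunk, so an existing ordering elsewhere in the class cannot be ruled out.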
@@ -54,14 +66,14 @@ class site_shorewall::defaults {
lens => 'Shellvars.lns',
incl => '/etc/shorewall/shorewall.conf',
require => Package['shorewall'],
- notify => Service[shorewall];
+ notify => Service['shorewall'];
# require that the interface exist
'shorewall_REQUIRE_INTERFACE':
changes => 'set /files/etc/shorewall/shorewall.conf/REQUIRE_INTERFACE Yes',
lens => 'Shellvars.lns',
incl => '/etc/shorewall/shorewall.conf',
require => Package['shorewall'],
- notify => Service[shorewall];
+ notify => Service['shorewall'];
# configure shorewall-init
'shorewall-init':
changes => 'set /files/etc/default/shorewall-init/PRODUCTS shorewall',
diff --git a/puppet/modules/site_shorewall/manifests/obfsproxy.pp b/puppet/modules/site_shorewall/manifests/obfsproxy.pp
index 68fb9b9f..75846705 100644
--- a/puppet/modules/site_shorewall/manifests/obfsproxy.pp
+++ b/puppet/modules/site_shorewall/manifests/obfsproxy.pp
@@ -1,3 +1,4 @@
+# configure shorewell for obfsproxy
class site_shorewall::obfsproxy {
include site_shorewall::defaults
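Review bot: The added class comment misspells the product name as "shorewell", while the other three manifests in this commit use "shorewall". It should read `# configure shorewall for obfsproxy` so that a search for the firewall name finds this class too.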
@@ -8,7 +9,7 @@ class site_shorewall::obfsproxy {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_obfsproxy':
- content => "PARAM - - tcp $scram_port ",
+ content => "PARAM - - tcp ${scram_port} ",
notify => Service['shorewall'],
require => Package['shorewall']
}
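Review bot: `${scram_port}` is interpolated into the macro file without any check that it holds a port number, and the same applies to `${api_port}`, `${ssh_port}` and `${tor_port}` in the webapp_api.pp, sshd.pp and tor.pp hunks. The assignments are outside these hunks, but if a hiera lookup ever yields an empty or undefined value the line becomes `PARAM - - tcp` with no port column, which Shorewall would most likely read as any TCP port rather than reject. A guard before each file resource would make the catalog fail instead of silently widening the rule, for example `if "${scram_port}" !~ /^\d+$/ { fail('scram_port must be a numeric port') }`. These file resources also set no `owner`, `group` or `mode`, unlike the new unit file in defaults.pp, so they rely on whatever resource defaults are in scope.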
diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
index 0c6c824d..d3a1aeed 100644
--- a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
+++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
@@ -1,3 +1,4 @@
+# configure shorewall for webapp api
class site_shorewall::service::webapp_api {
$api = hiera('api')
@@ -5,7 +6,7 @@ class site_shorewall::service::webapp_api {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_webapp_api':
- content => "PARAM - - tcp $api_port ",
+ content => "PARAM - - tcp ${api_port} ",
notify => Service['shorewall'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/sshd.pp b/puppet/modules/site_shorewall/manifests/sshd.pp
index 88b4102c..e2332592 100644
--- a/puppet/modules/site_shorewall/manifests/sshd.pp
+++ b/puppet/modules/site_shorewall/manifests/sshd.pp
@@ -1,3 +1,4 @@
+# configure shorewall for sshd
class site_shorewall::sshd {
$ssh_config = hiera('ssh')
@@ -7,7 +8,7 @@ class site_shorewall::sshd {
# define macro for incoming sshd
file { '/etc/shorewall/macro.leap_sshd':
- content => "PARAM - - tcp $ssh_port",
+ content => "PARAM - - tcp ${ssh_port}",
notify => Service['shorewall'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp
index f35af985..324b4844 100644
--- a/puppet/modules/site_shorewall/manifests/tor.pp
+++ b/puppet/modules/site_shorewall/manifests/tor.pp
@@ -1,3 +1,4 @@
+# configure shorewall for tor
class site_shorewall::tor {
include site_shorewall::defaults
@@ -7,7 +8,7 @@ class site_shorewall::tor {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_tor':
- content => "PARAM - - tcp $tor_port ",
+ content => "PARAM - - tcp ${tor_port} ",
notify => Service['shorewall'],
require => Package['shorewall']
}