authorMicah <micah@riseup.net>2017-02-22 18:17:04 +0000
committerMicah <micah@riseup.net>2017-02-22 18:17:04 +0000
commit7aff745103df5771eac023f90ddfbab03dcd7600 (patch)
tree2f446d7014d14285874321f1878a6086c2e0c3a9
parent4da1590e18c487f1dc89d0ce1fffeb848e75794e (diff)
parentb131814ed976c2034521a460b6790f78703d8f2f (diff)
Merge branch '5.x-3' into 'master'
5.x part 3 See merge request !9
-rw-r--r--README.md17
-rw-r--r--files/boilerplate/clear.header9
-rw-r--r--files/boilerplate/hosts.header7
-rw-r--r--files/boilerplate/init.header9
-rw-r--r--files/boilerplate/initdone.header12
-rw-r--r--files/boilerplate/interfaces.header8
-rw-r--r--files/boilerplate/mangle.header15
-rw-r--r--files/boilerplate/masq.header9
-rw-r--r--files/boilerplate/nat.header4
-rw-r--r--files/boilerplate/params.header28
-rw-r--r--files/boilerplate/policy.header5
-rw-r--r--files/boilerplate/providers.header2
-rw-r--r--files/boilerplate/proxyarp.header4
-rw-r--r--files/boilerplate/rtrules.header5
-rw-r--r--files/boilerplate/rules.header11
-rw-r--r--files/boilerplate/start.header8
-rw-r--r--files/boilerplate/stop.header9
-rw-r--r--files/boilerplate/stopped.header9
-rw-r--r--files/boilerplate/stoppedrules.footer1
-rw-r--r--files/boilerplate/stoppedrules.header13
-rw-r--r--files/boilerplate/tcclasses.header4
-rw-r--r--files/boilerplate/tcdevices.header5
-rw-r--r--files/boilerplate/tunnel.header5
-rw-r--r--files/boilerplate/zones.header8
-rw-r--r--lib/facter/shorewall_major_version.rb3
-rw-r--r--lib/facter/shorewall_version.rb3
-rw-r--r--manifests/init.pp36
-rw-r--r--manifests/stoppedrules.pp13
28 files changed, 154 insertions, 108 deletions
diff --git a/README.md b/README.md
index e6fb027..4cb1a8a 100644
--- a/README.md
+++ b/README.md
@@ -74,6 +74,23 @@ module will not work:
CONFIG_PATH="/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"
+Warnings
+--------
+There are some features that have been deprecated upstream that may still be
+supported by this module on certain shorewall major version. Please note
+the following:
+
+* the blacklist file and option is deprecated and replaced by blrules
+* the rfc1918 file and norfc1918 option are deprecated
+* the tcrules file is deprecated, replaced by mangled
+* the routestopped file is deprecated and replaced by stoppedrules
+* as of shorewall 4.6.0, SECTION headers need a leading '?'
+
+You should migrate your own calls to this module to move to the currently
+supported methods, we will be dropping support for deprecated features as
+the available distribution version permit it.
+For more details see http://www.shorewall.net/upgrade_issues.htm
+
Documentation
-------------
diff --git a/files/boilerplate/clear.header b/files/boilerplate/clear.header
index 6a39b0b..8bf025c 100644
--- a/files/boilerplate/clear.header
+++ b/files/boilerplate/clear.header
@@ -1,13 +1,10 @@
#
-# Shorewall version 4 - Clear
+# Shorewall -- /etc/shorewall/clear
#
-# /etc/shorewall/stop
-#
-# Add commands below that you want to be executed at the beginning of a
-# "shorewall stop" command.
+# Add commands below that you want to be executed after Shorewall has
+# processed the 'clear' command.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/files/boilerplate/hosts.header b/files/boilerplate/hosts.header
index e39d614..99bfa02 100644
--- a/files/boilerplate/hosts.header
+++ b/files/boilerplate/hosts.header
@@ -1,9 +1,10 @@
#
-# Shorewall version 3.4 - Hosts file
+# Shorewall -- /etc/shorewall/hosts
#
# For information about entries in this file, type "man shorewall-hosts"
#
-# For additional information, see http://shorewall.net/Documentation.htm#Hosts
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-hosts.html
#
###############################################################################
-#ZONE HOST(S) OPTIONS
+#ZONE HOSTS OPTIONS
diff --git a/files/boilerplate/init.header b/files/boilerplate/init.header
index cbb0393..417c3f2 100644
--- a/files/boilerplate/init.header
+++ b/files/boilerplate/init.header
@@ -1,13 +1,10 @@
#
-# Shorewall version 4 - Init File
+# Shorewall -- /etc/shorewall/init
#
-# /etc/shorewall/init
-#
-# Add commands below that you want to be executed at the beginning of
-# a "shorewall start" or "shorewall restart" command.
+# Add commands below that you want to be executed at the beginning of
+# a "shorewall start", "shorewall-reload" or "shorewall restart" command.
#
# For additional information, see
# http://shorewall.net/shorewall_extension_scripts.htm
#
###############################################################################
-
diff --git a/files/boilerplate/initdone.header b/files/boilerplate/initdone.header
index 9252a3b..5ad859a 100644
--- a/files/boilerplate/initdone.header
+++ b/files/boilerplate/initdone.header
@@ -1,14 +1,12 @@
#
-# Shorewall version 4 - Initdone File
+# Shorewall -- /etc/shorewall/initdone
#
-# /etc/shorewall/initdone
-#
-# Add commands below that you want to be executed during
-# "shorewall start" or "shorewall restart" commands at the point where
-# Shorewall has not yet added any perminent rules to the builtin chains.
+# Add commands below that you want to be executed during
+# "shorewall start", "shorewall reload" or "shorewall restart" commands
+# at the point where Shorewall has not yet added any permanent rules to
+# the builtin chains.
#
# For additional information, see
# http://shorewall.net/shorewall_extension_scripts.htm
#
###############################################################################
-
diff --git a/files/boilerplate/interfaces.header b/files/boilerplate/interfaces.header
index 663e436..12855c7 100644
--- a/files/boilerplate/interfaces.header
+++ b/files/boilerplate/interfaces.header
@@ -1,10 +1,12 @@
#
-# Shorewall version 4 - Interfaces File
+# Shorewall -- /etc/shorewall/interfaces
#
# For information about entries in this file, type "man shorewall-interfaces"
#
-# For additional information, see
+# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-interfaces.html
#
+# FIXME: need to switch to format 2
+#?FORMAT 2
###############################################################################
-#ZONE INTERFACE BROADCAST OPTIONS
+#ZONE INTERFACE OPTIONS
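Review bot: The column header now drops BROADCAST while `#?FORMAT 2` stays commented out, so the file is presumably still parsed in the older layout where the third column is the broadcast address. Anyone who follows the new header would then put interface options, including anti-spoofing options, in the broadcast column, where they may be misread or ignored. Until the FIXME is resolved, keep the header as `#ZONE INTERFACE BROADCAST OPTIONS`, or enable `?FORMAT 2` in this same change and confirm that the module's interface entries no longer emit a broadcast field.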
diff --git a/files/boilerplate/mangle.header b/files/boilerplate/mangle.header
index 7a7b12a..496e3f5 100644
--- a/files/boilerplate/mangle.header
+++ b/files/boilerplate/mangle.header
@@ -1,7 +1,14 @@
#
-# Shorewall - Mangle File
+# Shorewall -- /etc/shorewall/mangle
#
-# For additional information, see http://shorewall.net/manpages/shorewall-mangle.html
+# For information about entries in this file, type "man shorewall-mangle"
#
-#######################################################################################
-#ACTION SOURCE DESTINATION PROTO DSTPORT SRCPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS
+# See http://shorewall.net/traffic_shaping.htm for additional information.
+# For usage in selecting among multiple ISPs, see
+# http://shorewall.net/MultiISP.html
+#
+# See http://shorewall.net/PacketMarking.html for a detailed description of
+# the Netfilter/Shorewall packet marking mechanism.
+#
+##############################################################################################################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP SWITCH
diff --git a/files/boilerplate/masq.header b/files/boilerplate/masq.header
index f823321..2f7c22e 100644
--- a/files/boilerplate/masq.header
+++ b/files/boilerplate/masq.header
@@ -1,9 +1,10 @@
#
-# Shorewall version 3.4 - Masq file
+# Shorewall -- /etc/shorewall/masq
#
# For information about entries in this file, type "man shorewall-masq"
#
-# For additional information, see http://shorewall.net/Documentation.htm#Masq
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-masq.html
#
-###############################################################################
-#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
+###################################################################################################################################
+#INTERFACE SOURCE ADDRESS PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
diff --git a/files/boilerplate/nat.header b/files/boilerplate/nat.header
index c2e0d92..5d0871f 100644
--- a/files/boilerplate/nat.header
+++ b/files/boilerplate/nat.header
@@ -1,9 +1,9 @@
#
-# Shorewall version 3.4 - Nat File
+# Shorewall -- /etc/shorewall/nat
#
# For information about entries in this file, type "man shorewall-nat"
#
# For additional information, see http://shorewall.net/NAT.htm
#
###############################################################################
-#EXTERNAL INTERFACE INTERNAL ALL LOCAL
+#EXTERNAL INTERFACE INTERNAL ALLINTS LOCAL
diff --git a/files/boilerplate/params.header b/files/boilerplate/params.header
index c4dd504..f07a916 100644
--- a/files/boilerplate/params.header
+++ b/files/boilerplate/params.header
@@ -1,26 +1,24 @@
#
-# Shorewall version 3.4 - Params File
+# Shorewall -- /etc/shorewall/params
#
-# /etc/shorewall/params
+# Assign any variables that you need here.
#
-# Assign any variables that you need here.
+# It is suggested that variable names begin with an upper case letter
+# to distinguish them from variables used internally within the
+# Shorewall programs
#
-# It is suggested that variable names begin with an upper case letter
-# to distinguish them from variables used internally within the
-# Shorewall programs
+# Example:
#
-# Example:
+# NET_IF=eth0
+# NET_BCAST=130.252.100.255
+# NET_OPTIONS=routefilter
#
-# NET_IF=eth0
-# NET_BCAST=130.252.100.255
-# NET_OPTIONS=routefilter
+# Example (/etc/shorewall/interfaces record):
#
-# Example (/etc/shorewall/interfaces record):
+# net $NET_IF $NET_BCAST $NET_OPTIONS
#
-# net $NET_IF $NET_BCAST $NET_OPTIONS
+# The result will be the same as if the record had been written
#
-# The result will be the same as if the record had been written
-#
-# net eth0 130.252.100.255 routefilter
+# net eth0 130.252.100.255 routefilter
#
###############################################################################
diff --git a/files/boilerplate/policy.header b/files/boilerplate/policy.header
index cc9781f..8e9d032 100644
--- a/files/boilerplate/policy.header
+++ b/files/boilerplate/policy.header
@@ -1,5 +1,5 @@
#
-# Shorewall version 4 - Policy File
+# Shorewall -- /etc/shorewall/policy
#
# For information about entries in this file, type "man shorewall-policy"
#
@@ -7,5 +7,4 @@
# http://www.shorewall.net/manpages/shorewall-policy.html
#
###############################################################################
-#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
-# LEVEL BURST MASK
+#SOURCE DEST POLICY LOGLEVEL LIMIT CONNLIMIT
diff --git a/files/boilerplate/providers.header b/files/boilerplate/providers.header
index b4a5990..0dfb950 100644
--- a/files/boilerplate/providers.header
+++ b/files/boilerplate/providers.header
@@ -1,5 +1,5 @@
#
-# Shorewall version 4 - Providers File
+# Shorewall -- /etc/shorewall/providers
#
# For information about entries in this file, type "man shorewall-providers"
#
diff --git a/files/boilerplate/proxyarp.header b/files/boilerplate/proxyarp.header
index 1e16853..4249e03 100644
--- a/files/boilerplate/proxyarp.header
+++ b/files/boilerplate/proxyarp.header
@@ -1,9 +1,9 @@
#
-# Shorewall version 3.4 - Proxyarp File
+# Shorewall -- /etc/shorewall/proxyarp
#
# For information about entries in this file, type "man shorewall-proxyarp"
#
# See http://shorewall.net/ProxyARP.htm for additional information.
#
###############################################################################
-#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
+#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
diff --git a/files/boilerplate/rtrules.header b/files/boilerplate/rtrules.header
index fd9b2f4..7700816 100644
--- a/files/boilerplate/rtrules.header
+++ b/files/boilerplate/rtrules.header
@@ -1,8 +1,9 @@
#
-# Shorewall version 4 - route rules File
+# Shorewall -- /etc/shorewall/rtrules
#
# For information about entries in this file, type "man shorewall-rtrules"
#
# For additional information, see http://www.shorewall.net/MultiISP.html
+#
####################################################################################
-# SOURCE DEST PROVIDER PRIORITY MASK
+#SOURCE DEST PROVIDER PRIORITY MASK
diff --git a/files/boilerplate/rules.header b/files/boilerplate/rules.header
index 764358a..1ebf187 100644
--- a/files/boilerplate/rules.header
+++ b/files/boilerplate/rules.header
@@ -1,10 +1,11 @@
#
-# Shorewall version 3.4 - Rules File
+# Shorewall -- /etc/shorewall/rules
#
# For information on the settings in this file, type "man shorewall-rules"
#
-# See http://shorewall.net/Documentation.htm#Rules for additional information.
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-rules.html
#
-#############################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
-# PORT PORT(S) DEST LIMIT GROUP
+##############################################################################################################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER
+
diff --git a/files/boilerplate/start.header b/files/boilerplate/start.header
index 689dff1..881cdfd 100644
--- a/files/boilerplate/start.header
+++ b/files/boilerplate/start.header
@@ -1,10 +1,8 @@
#
-# Shorewall version 4 - Start File
+# Shorewall -- /etc/shorewall/start
#
-# /etc/shorewall/start
-#
-# Add commands below that you want to be executed after shorewall has
-# been started or restarted.
+# Add commands below that you want to be executed after shorewall has
+# been started, reloaded or restarted.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
diff --git a/files/boilerplate/stop.header b/files/boilerplate/stop.header
index 0088abe..27a993b 100644
--- a/files/boilerplate/stop.header
+++ b/files/boilerplate/stop.header
@@ -1,13 +1,10 @@
#
-# Shorewall version 4 - Stop File
+# Shorewall -- /etc/shorewall/stop
#
-# /etc/shorewall/stop
-#
-# Add commands below that you want to be executed at the beginning of a
-# "shorewall stop" command.
+# Add commands below that you want to be executed at the beginning of a
+# "shorewall stop" command.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/files/boilerplate/stopped.header b/files/boilerplate/stopped.header
index 438e5e0..8cc6bc6 100644
--- a/files/boilerplate/stopped.header
+++ b/files/boilerplate/stopped.header
@@ -1,13 +1,10 @@
#
-# Shorewall version 4 - Stopped File
+# Shorewall -- /etc/shorewall/stopped
#
-# /etc/shorewall/stopped
-#
-# Add commands below that you want to be executed at the completion of a
-# "shorewall stop" command.
+# Add commands below that you want to be executed at the completion of a
+# "shorewall stop" command.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/files/boilerplate/stoppedrules.footer b/files/boilerplate/stoppedrules.footer
new file mode 100644
index 0000000..5e12d1d
--- /dev/null
+++ b/files/boilerplate/stoppedrules.footer
@@ -0,0 +1 @@
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/files/boilerplate/stoppedrules.header b/files/boilerplate/stoppedrules.header
new file mode 100644
index 0000000..94f4d0c
--- /dev/null
+++ b/files/boilerplate/stoppedrules.header
@@ -0,0 +1,13 @@
+#
+# Shorewall -- /etc/shorewall/stoppedrules
+#
+# For information about entries in this file, type "man shorewall-stoppedrules"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-stoppedrules.html
+#
+# See http://shorewall.net/starting_and_stopping_shorewall.htm for additional
+# information.
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT
diff --git a/files/boilerplate/tcclasses.header b/files/boilerplate/tcclasses.header
index 025415b..b31b684 100644
--- a/files/boilerplate/tcclasses.header
+++ b/files/boilerplate/tcclasses.header
@@ -1,9 +1,9 @@
#
-# Shorewall version 4 - Tcclasses File
+# Shorewall -- /etc/shorewall/tcclasses
#
# For information about entries in this file, type "man shorewall-tcclasses"
#
# See http://shorewall.net/traffic_shaping.htm for additional information.
#
###############################################################################
-#INTERFACE:CLASS MARK RATE CEIL PRIORITY OPTIONS
+#INTERFACE MARK RATE CEIL PRIO OPTIONS
diff --git a/files/boilerplate/tcdevices.header b/files/boilerplate/tcdevices.header
index fe7c3d1..226192e 100644
--- a/files/boilerplate/tcdevices.header
+++ b/files/boilerplate/tcdevices.header
@@ -1,10 +1,9 @@
#
-# Shorewall version 4 - Tcdevices File
+# Shorewall -- /etc/shorewall/tcdevices
#
# For information about entries in this file, type "man shorewall-tcdevices"
#
# See http://shorewall.net/traffic_shaping.htm for additional information.
#
###############################################################################
-#NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED
-#INTERFACE INTERFACES
+#INTERFACE IN_BANDWITH OUT_BANDWIDTH OPTIONS REDIRECT
diff --git a/files/boilerplate/tunnel.header b/files/boilerplate/tunnel.header
index 638fd56..7bfd966 100644
--- a/files/boilerplate/tunnel.header
+++ b/files/boilerplate/tunnel.header
@@ -1,5 +1,5 @@
#
-# Shorewall version 4 - Tunnels File
+# Shorewall -- /etc/shorewall/tunnels
#
# For information about entries in this file, type "man shorewall-tunnels"
#
@@ -7,5 +7,4 @@
# http://www.shorewall.net/manpages/shorewall-tunnels.html
#
###############################################################################
-#TYPE ZONE GATEWAY GATEWAY
-# ZONE
+#TYPE ZONE GATEWAY GATEWAY_ZONE
diff --git a/files/boilerplate/zones.header b/files/boilerplate/zones.header
index 5dada52..d4b8cbc 100644
--- a/files/boilerplate/zones.header
+++ b/files/boilerplate/zones.header
@@ -1,5 +1,5 @@
#
-# Shorewall version 4 - Zones File
+# Shorewall -- /etc/shorewall/zones
#
# For information about this file, type "man shorewall-zones"
#
@@ -7,6 +7,6 @@
# http://www.shorewall.net/manpages/shorewall-zones.html
#
###############################################################################
-#ZONE TYPE OPTIONS IN OUT
-# OPTIONS OPTIONS
-fw firewall
+#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS
+
+fw firewall
diff --git a/lib/facter/shorewall_major_version.rb b/lib/facter/shorewall_major_version.rb
index 0068b48..9b4c9a2 100644
--- a/lib/facter/shorewall_major_version.rb
+++ b/lib/facter/shorewall_major_version.rb
@@ -1,5 +1,6 @@
Facter.add("shorewall_major_version") do
+ confine :shorewall_version => /\d/
setcode do
- Facter::Util::Resolution.exec('shorewall version').split('.').first || nil
+ Facter.value(:shorewall_version).split('.').first
end
end
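Review bot: The `confine :shorewall_version => /\d/` guard accepts any output that merely contains a digit, so a warning or error line printed by `shorewall version` would still pass and `split('.').first` would return arbitrary text as the major version. Anchoring the pattern, e.g. `confine :shorewall_version => /\A\d+\./`, keeps the fact unset unless the value looks like a version string. The `shorewall_version` fact added in lib/facter/shorewall_version.rb returns the raw command output with no check of its own, so manifests that branch on either fact inherit the same looseness.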
diff --git a/lib/facter/shorewall_version.rb b/lib/facter/shorewall_version.rb
new file mode 100644
index 0000000..3c1cc67
--- /dev/null
+++ b/lib/facter/shorewall_version.rb
@@ -0,0 +1,3 @@
+Facter.add("shorewall_version") do
+ setcode 'shorewall version'
+end
diff --git a/manifests/init.pp b/manifests/init.pp
index fa2641d..51f7c4d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -29,6 +29,8 @@ class shorewall(
$nat_defaults = {},
$routestopped = {},
$routestopped_defaults = {},
+ $stoppedrules = {},
+ $stoppedrules_defaults = {},
$params = {},
$params_defaults = {},
$tcdevices = {},
@@ -56,37 +58,39 @@ class shorewall(
shorewall::managed_file{
[
- # See http://www.shorewall.net/3.0/Documentation.htm#Zones
+ # See http://www.shorewall.net/manpages/shorewall-zones.html
'zones',
- # See http://www.shorewall.net/3.0/Documentation.htm#Interfaces
+ # See http://www.shorewall.net/manpages/shorewall-interfaces.html
'interfaces',
- # See http://www.shorewall.net/3.0/Documentation.htm#Hosts
+ # See http://www.shorewall.net/manpages/shorewall-hosts.html
'hosts',
- # See http://www.shorewall.net/3.0/Documentation.htm#Policy
+ # See http://www.shorewall.net/manpages/shorewall-policy.html
'policy',
- # See http://www.shorewall.net/3.0/Documentation.htm#Rules
+ # See http://www.shorewall.net/manpages/shorewall-rules.html
'rules',
- # See http://www.shorewall.net/3.0/Documentation.htm#Masq
+ # See http://www.shorewall.net/manpages/shorewall-masq.html
'masq',
- # See http://www.shorewall.net/3.0/Documentation.htm#ProxyArp
+ # See http://www.shorewall.net/manpages/shorewall-proxyarp.html
'proxyarp',
- # See http://www.shorewall.net/3.0/Documentation.htm#NAT
+ # See http://www.shorewall.net/manpages/shorewall-nat.html
'nat',
- # See http://www.shorewall.net/3.0/Documentation.htm#Routestopped
+ # See http://www.shorewall.net/manpages/shorewall-stoppedrules.html
+ 'stoppedrules',
+ # Deprecated http://www.shorewall.net/4.2/manpages/shorewall-routestopped.html
'routestopped',
- # See http://www.shorewall.net/3.0/Documentation.htm#Variables
+ # See http://www.shorewall.net/manpages/shorewall-params.html
'params',
- # See http://www.shorewall.net/3.0/traffic_shaping.htm
+ # See http://www.shorewall.net/manpages/shorewall-tcdevices.html
'tcdevices',
- # See http://www.shorewall.net/3.0/traffic_shaping.htm
+ # Deprecated http://www.shorewall.net/4.6/manpages/shorewall-tcrules.htmle
'tcrules',
- # See http://www.shorewall.net/3.0/traffic_shaping.htm
+ # See http://www.shorewall.net/manpages/shorewall-tcclasses.html
'tcclasses',
- # http://www.shorewall.net/manpages/shorewall-providers.html
+ # See http://www.shorewall.net/manpages/shorewall-providers.html
'providers',
# See http://www.shorewall.net/manpages/shorewall-tunnels.html
'tunnel',
- # See http://www.shorewall.net/MultiISP.html
+ # See http://www.shorewall.net/manpages/shorewall-rtrules.html
'rtrules',
# See http://www.shorewall.net/manpages/shorewall-mangle.html
'mangle',
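Review bot: Both `'stoppedrules'` and the deprecated `'routestopped'` are now managed unconditionally, and the later hunk calls `create_resources` for both in the same way, although the README added by this commit says support depends on the shorewall major version. Which of the two files shorewall honours when both are present is version-dependent, so the rules in force while the firewall is stopped may not be the ones the caller declared. Consider selecting one of them from `$::shorewall_major_version`, or failing when both `$stoppedrules` and `$routestopped` are non-empty. Separately, the tcrules comment has a typo in its URL and should end `shorewall-tcrules.html`, not `.htmle`. The class body continues outside this hunk, so any existing version gating is not visible here.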
@@ -102,6 +106,8 @@ class shorewall(
create_resources('shorewall::masq',$masq,$masq_defaults)
create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
create_resources('shorewall::nat',$nat,$nat_defaults)
+ create_resources('shorewall::stoppedrules',$stoppedrules,
+ $stoppedrules_defaults)
create_resources('shorewall::routestopped',$routestopped,
$routestopped_defaults)
create_resources('shorewall::params',$params,$params_defaults)
diff --git a/manifests/stoppedrules.pp b/manifests/stoppedrules.pp
new file mode 100644
index 0000000..2dff218
--- /dev/null
+++ b/manifests/stoppedrules.pp
@@ -0,0 +1,13 @@
+define shorewall::stoppedrules(
+ $action = 'ACCEPT',
+ $source = '-',
+ $destination = '-',
+ $proto = '-',
+ $destinationport = '-',
+ $sourceport = '-',
+ $order = '100'
+){
+ shorewall::entry{"stoppedrules-${order}-${name}":
+ line => "${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport}"
+ }
+}
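Review bot: Every parameter is interpolated verbatim into the `line`, so a value containing whitespace shifts the columns and a value containing a newline adds an extra rule to the file that governs traffic while the firewall is stopped. A guard before the `shorewall::entry`, such as `if $source !~ /\A\S+\z/ { fail("shorewall::stoppedrules[${name}]: invalid source") }` repeated for each field, would reject such input at catalog compile time. The defaults are also permissive: a resource declared with only a title renders `ACCEPT - - - - -`, which, if `-` means "any" here as it does in other shorewall files, accepts all traffic in the stopped state. Consider removing the default for `$source`, or failing when source, destination and proto are all `-`. The define also lacks a header comment describing the parameters and that `$order` only affects the entry name.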