Merge pull request #13 from marknl/master

Conntrack support

4 files changed, 47 insertions, 0 deletions

diff --git a/files/boilerplate/conntrack.footer b/files/boilerplate/conntrack.footer
new file mode 100644
index 0000000..8648c65
--- /dev/null
+++ b/files/boilerplate/conntrack.footer
@@ -0,0 +1,3 @@
+
+?endif
+#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/files/boilerplate/conntrack.header b/files/boilerplate/conntrack.header
new file mode 100644
index 0000000..2db7bda
--- /dev/null
+++ b/files/boilerplate/conntrack.header
@@ -0,0 +1,10 @@
+#
+# Shorewall -- /etc/shorewall/conntrack
+#
+# For information about entries in this file, type "man shorewall-conntrack"
+#
+?FORMAT 3
+######################################################################################################
+#ACTION     SOURCE    DEST    PROTO DPORT   SPORT USER  SWITCH
+
+?if $AUTOHELPERS && __CT_TARGET
diff --git a/manifests/conntrack/helper.pp b/manifests/conntrack/helper.pp
new file mode 100644
index 0000000..ea7fb2e
--- /dev/null
+++ b/manifests/conntrack/helper.pp
@@ -0,0 +1,32 @@
+# Class for managing conntrack file: Helpers
+#
+# See http://shorewall.net/manpages/shorewall-conntrack.html for more info.
+# The $name defines the helper, so this needs to match one of the helpers
+# in the documentation.
+define shorewall::conntrack::helper(
+  $ensure = present,
+  $options = '',
+  $source = '-',
+  $destination = '-',
+  $proto,
+  $destinationport,
+  $sourceport = '',
+  $user = '',
+  $switch = '',
+  $chain = 'PO',
+  $order
+) {
+
+  $_helper = sprintf("__%s_HELPER", upcase($name))
+  $_chain = ":${chain}"
+  $_options = ''
+
+  if ($options != '') {
+    $_options = "(${options})"
+  }
+
+  shorewall::entry{"conntrack-${order}-${name}":
+    ensure => $ensure,
+    line => "?if ${_helper}\nCT:helper:${name}${_options}${_chain} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${$user} ${switch}\n?endif"
+  }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index afdc7d7..aac1520 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -100,6 +100,8 @@ class shorewall(
       'tunnels',
       # See http://www.shorewall.net/MultiISP.html
       'rtrules',
+      # See http://shorewall.net/manpages/shorewall-conntrack.html
+      'conntrack',
       # See http://www.shorewall.net/manpages/shorewall-mangle.html
       'mangle',
     ]:;