authormh <mh@immerda.ch>2017-04-07 17:46:01 +0200
committermh <mh@immerda.ch>2017-04-07 17:46:01 +0200
commitcdb82d7bde4861434cea81d7f5770164f5fff76c (patch)
tree12aa62482f24f0a69b71f27875b3346e2e9d5a90
parent4a29f5e293b36e11d870061d4d93d7af306dcbd6 (diff)
make zones also for ipv6
-rw-r--r--manifests/entry.pp25
-rw-r--r--manifests/zone.pp34
2 files changed, 44 insertions, 15 deletions
diff --git a/manifests/entry.pp b/manifests/entry.pp
index c8fffc7..a7321f8 100644
--- a/manifests/entry.pp
+++ b/manifests/entry.pp
@@ -1,12 +1,25 @@
+# a core wrapper for all kinds of entries
define shorewall::entry(
- $ensure = present,
+ $ensure = present,
+ $shorewall = true,
+ $shorewall6 = false,
$line
){
$parts = split($name,'-')
- concat::fragment{$name:
- ensure => $ensure,
- content => "${line}\n",
- order => $parts[1],
- target => "/etc/shorewall/puppet/${parts[0]}",
+ if $shorewall {
+ concat::fragment{$name:
+ ensure => $ensure,
+ content => "${line}\n",
+ order => $parts[1],
+ target => "/etc/shorewall/puppet/${parts[0]}",
+ }
+ }
+ if $shorewall6 and $shorewall::with_shorewall6 {
+ concat::fragment{"shorewall6_${name}":
+ ensure => $ensure,
+ content => "${line}\n",
+ order => $parts[1],
+ target => "/etc/shorewall6/puppet/${parts[0]}",
+ }
}
}
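Review bot: The `if $shorewall6 and $shorewall::with_shorewall6` guard skips the IPv6 fragment with no signal when the class variable is false or unset, so a caller passing `shorewall6 => true` can end up with no entry under `/etc/shorewall6/puppet/` and no catalog error. Whether the `shorewall` class is always evaluated before this define is not visible in the hunk, so that ordering assumption is worth confirming. Both fragments also write the same `$line`, which means an entry enabled for both families must be valid in each. The one-line header does not describe the two new parameters; something like `# $shorewall / $shorewall6 choose the config tree(s) the line is written to; shorewall6 is ignored unless shorewall::with_shorewall6 is set, and $line must be valid for every family selected` would state the contract.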
diff --git a/manifests/zone.pp b/manifests/zone.pp
index 81e5771..8ee1b58 100644
--- a/manifests/zone.pp
+++ b/manifests/zone.pp
@@ -1,14 +1,30 @@
+# define a zone
define shorewall::zone(
- $type,
- $options = '-',
- $in = '-',
- $out = '-',
- $parent = '-',
- $order = 100
+ $type,
+ $options = '-',
+ $in = '-',
+ $out = '-',
+ $parent = '-',
+ $order = 100,
){
- $real_name = $parent ? { '-' => $name, default => "${name}:${parent}" }
- shorewall::entry { "zones-${order}-${name}":
- line => "${real_name} ${type} ${options} ${in} ${out}"
+ $real_name = $parent ? { '-' => $name, default => "${name}:${parent}" }
+ shorewall::entry { "zones-${order}-${name}":
+ line => "${real_name} ${type} ${options} ${in} ${out}",
+ shorewall => true,
+ shorewall6 => false,
+ }
+ if $shorewall::with_shorewall6 {
+ $type6 = $type ? {
+ 'ipv4' => 'ipv6',
+ 'ipsec' => 'ipsec6',
+ 'bport' => 'bport6',
+ default => $type,
}
+ shorewall::entry { "zones-${order}-${name}_6":
+ line => "${real_name} ${type6} ${options} ${in} ${out}",
+ shorewall => false,
+ shorewall6 => true,
+ }
+ }
}
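Review bot: The `$type6` selector translates only `ipv4`, `ipsec` and `bport`; any other value falls through `default => $type` and is written to the shorewall6 zones entry unchanged, which would include IPv4-specific spellings such as `ipsec4` or `bport4` if callers use them. `$options`, `$in` and `$out` are likewise copied verbatim into the `_6` entry, so an option that only makes sense for IPv4 would land in the IPv6 configuration. If those spellings are in use, adding `'ipsec4' => 'ipsec6',` and `'bport4' => 'bport6',` to the selector closes the first gap. For the second, the `# define a zone` header could say that every zone is mirrored to shorewall6 when `shorewall::with_shorewall6` is set and that the option columns are reused as given.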