fixed code indentation, added gitlab shared remote

1 files changed, 97 insertions, 95 deletions

diff --git a/README.md b/README.md
index 3a84b3b..cd6fe4f 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,3 @@
-modules/shorewall/manifests/init.pp - manage firewalling with shorewall 3.x
-
 Puppet Module for Shorewall
 ---------------------------
 This module manages the configuration of Shorewall (http://www.shorewall.net/)
@@ -16,7 +14,9 @@ Copyright
 Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
 adapted by immerda project group - admin+puppet(at)immerda.ch
 adapted by Puzzle ITC - haerry+puppet(at)puzzle.ch
+
 Copyright (c) 2009 Riseup Networks - micah(shift+2)riseup.net
+
 Copyright (c) 2010 intrigeri - intrigeri(at)boum.org
 See LICENSE for the full license granted to you.
 
@@ -26,6 +26,8 @@ at https://reductivelabs.com/trac/puppet/wiki/AqueosShorewall
 Merged from:
 - git://git.puppet.immerda.ch/module-shorewall.git
 - git://labs.riseup.net/module_shorewall
+- https://gitlab.com/shared-puppet-modules-group/shorewall.git
+
 
 Todo
 ----
@@ -46,21 +48,21 @@ that your operatingsystem provides is used, and any modifications you wish to do
 to it should be configured with augeas, for example, to set IP_FORWARDING=Yes in
 shorewall.conf, simply do this:
 
-  augeas { 'enable_ip_forwarding':
-    changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING Yes',
-    lens    => 'Shellvars.lns',
-    incl    => '/etc/shorewall/shorewall.conf',
-    notify  => Service[shorewall];
-  }
+    augeas { 'enable_ip_forwarding':
+      changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING Yes',
+      lens    => 'Shellvars.lns',
+      incl    => '/etc/shorewall/shorewall.conf',
+      notify  => Service[shorewall];
+    }
 
-NOTE: this requires the augeas ruby bindings newer than 0.7.3. 
+NOTE: this requires the augeas ruby bindings newer than 0.7.3.
 
 If you need to, you can provide an entire shorewall.conf by passing its
 source to the main class:
 
-class{'shorewall':
-  conf_source => "puppet:///modules/site_shorewall/${::fqdn}/shorewall.conf.${::operatingsystem}",
-}
+    class{'shorewall':
+      conf_source => "puppet:///modules/site_shorewall/${::fqdn}/shorewall.conf.${::operatingsystem}",
+    }
 
 NOTE: if you distribute a file, you cannot also use augeas, puppet and augeas
 will fight forever. Secondly, you will *need* to make sure that if you are shipping your own
@@ -98,18 +100,18 @@ Example usage follows.
 Torify any outgoing TCP traffic originating from user bob or alice and
 aimed at 6.6.6.6 or 7.7.7.7:
 
-  shorewall::rules::torify {
-    'torify-some-bits':
-      users        => [ 'bob', 'alice' ],
-      destinations => [ '6.6.6.6', '7.7.7.7' ];
-  }
+    shorewall::rules::torify {
+      'torify-some-bits':
+        users        => [ 'bob', 'alice' ],
+        destinations => [ '6.6.6.6', '7.7.7.7' ];
+    }
 
 Torify any outgoing TCP traffic to 8.8.8.8:
 
-  shorewall::rules::torify {
-    'torify-to-this-host':
-      destinations  => [ '8.8.8.8' ];
-  }
+    shorewall::rules::torify {
+      'torify-to-this-host':
+        destinations  => [ '8.8.8.8' ];
+    }
 
 When no destination nor user is provided any outgoing TCP traffic (see
 restrictions bellow) is torified. In that case the user running the
@@ -124,16 +126,16 @@ be changed by setting the allow_rfc1918 parameter to false.
 
 Torify any outgoing TCP traffic but connections to RFC1918 addresses:
 
-  shorewall::rules::torify {
-    'torify-everything-but-lan':
-  }
+    shorewall::rules::torify {
+      'torify-everything-but-lan':
+    }
 
 Torify any outgoing TCP traffic:
 
-  shorewall::rules::torify {
-    'torify-everything:
-      allow_rfc1918 => false;
-  }
+    shorewall::rules::torify {
+      'torify-everything:
+        allow_rfc1918 => false;
+    }
 
 In some cases (e.g. when providing no specific destination nor user
 and denying access to RFC1918 addresses) UDP DNS requests may be
@@ -148,72 +150,72 @@ Example
 
 Example from node.pp:
 
-node xy {
-	class{'config::site_shorewall':
-	  startup => "0"  # create shorewall ruleset but don't startup
-  }
-	shorewall::rule {
-		'incoming-ssh': source => 'all', destination => '$FW',  action  => 'SSH(ACCEPT)', order => 200;
-		'incoming-puppetmaster': source => 'all', destination => '$FW',  action  => 'Puppetmaster(ACCEPT)', order => 300;
-		'incoming-imap': source => 'all', destination => '$FW',  action  => 'IMAP(ACCEPT)', order => 300;
-		'incoming-smtp': source => 'all', destination => '$FW',  action  => 'SMTP(ACCEPT)', order => 300;
-	}
-}
-
-
-class config::site_shorewall($startup = '1') {
-  class{'shorewall':
-    startup => $startup
-  }
-
-  # If you want logging:
-  #shorewall::params {
-  # 'LOG':  value => 'debug';
-  #}
-
-  shorewall::zone {'net':
-    type => 'ipv4';
-  }
-
-  shorewall::rule_section { 'NEW':
-    order => 100;
-  }
-
-  shorewall::interface { 'eth0':
-    zone    => 'net',
-    rfc1918  => true,
-    options => 'tcpflags,blacklist,nosmurfs';
-  }
-
-  shorewall::policy {
-    'fw-to-fw':
-      sourcezone              =>      '$FW',
-      destinationzone         =>      '$FW',
-      policy                  =>      'ACCEPT',
-      order                   =>      100;
-    'fw-to-net':
-      sourcezone              =>      '$FW',
-      destinationzone         =>      'net',
-      policy                  =>      'ACCEPT',
-      shloglevel              =>      '$LOG',
-      order                   =>      110;
-    'net-to-fw':
-      sourcezone              =>      'net',
-      destinationzone         =>      '$FW',
-      policy                  =>      'DROP',
-      shloglevel              =>      '$LOG',
-      order                   =>      120;
-  }       
-
-        
-  # default Rules : ICMP 
-  shorewall::rule {
-    'allicmp-to-host':
-      source => 'all',
-      destination => '$FW',
-      order  => 200,
-      action  => 'AllowICMPs/(ACCEPT)';
-  }
-}
+    node xy {
+      class{'config::site_shorewall':
+        startup => "0"  # create shorewall ruleset but don't startup
+      }
+      shorewall::rule {
+        'incoming-ssh': source => 'all', destination => '$FW',  action  => 'SSH(ACCEPT)', order => 200;
+        'incoming-puppetmaster': source => 'all', destination => '$FW',  action  => 'Puppetmaster(ACCEPT)', order => 300;
+        'incoming-imap': source => 'all', destination => '$FW',  action  => 'IMAP(ACCEPT)', order => 300;
+        'incoming-smtp': source => 'all', destination => '$FW',  action  => 'SMTP(ACCEPT)', order => 300;
+      }
+    }
+
+
+    class config::site_shorewall($startup = '1') {
+      class{'shorewall':
+        startup => $startup
+      }
+
+      # If you want logging:
+      #shorewall::params {
+      # 'LOG':  value => 'debug';
+      #}
+
+      shorewall::zone {'net':
+        type => 'ipv4';
+      }
+
+      shorewall::rule_section { 'NEW':
+        order => 100;
+      }
+
+      shorewall::interface { 'eth0':
+        zone    => 'net',
+        rfc1918  => true,
+        options => 'tcpflags,blacklist,nosmurfs';
+      }
+
+      shorewall::policy {
+        'fw-to-fw':
+          sourcezone              =>      '$FW',
+          destinationzone         =>      '$FW',
+          policy                  =>      'ACCEPT',
+          order                   =>      100;
+        'fw-to-net':
+          sourcezone              =>      '$FW',
+          destinationzone         =>      'net',
+          policy                  =>      'ACCEPT',
+          shloglevel              =>      '$LOG',
+          order                   =>      110;
+        'net-to-fw':
+          sourcezone              =>      'net',
+          destinationzone         =>      '$FW',
+          policy                  =>      'DROP',
+          shloglevel              =>      '$LOG',
+          order                   =>      120;
+      }
+
+
+      # default Rules : ICMP
+      shorewall::rule {
+        'allicmp-to-host':
+          source => 'all',
+          destination => '$FW',
+          order  => 200,
+          action  => 'AllowICMPs/(ACCEPT)';
+      }
+    }