author | Micah Anderson <micah@riseup.net> | 2018-01-13 11:13:23 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2018-01-13 11:13:23 -0500 |
commit | 4cf7030c0c1f9977d297d502f736029e57e36d40 (patch) | |
tree | c2219300400d0a455e8e0aba0df19c83a6de8121 /manifests/init.pp | |
parent | 7332777829c19a63ce3d9bc50a2ddd40b940743a (diff) | |
parent | fab57483f46bab58275063081c5e4e6f7db9d2ab (diff) |
Merge remote-tracking branch 'immerda/master' into immerda_merge
Diffstat (limited to 'manifests/init.pp')
-rw-r--r-- | manifests/init.pp | 50 |
1 files changed, 43 insertions, 7 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 9cbc1e9..6287f04 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -2,14 +2,13 @@ class shorewall( $startup = true, $conf_source = false, - $settings = { - 'LOG_MARTIANS' => 'No', - 'DISABLE_IPV6' => 'Yes', - }, + $settings = {}, + $settings6 = {}, + $shorewall6 = 'auto', $ensure_version = 'present', $tor_transparent_proxy_host = '127.0.0.1', $tor_transparent_proxy_port = '9040', - $tor_user = $::operatingsystem ? { + $tor_user = $facts['operatingsystem'] ? { 'Debian' => 'debian-tor', default => 'tor' }, @@ -20,8 +19,12 @@ class shorewall( $hosts = {}, $hosts_defaults = {}, $policy = {}, + $policy4 = {}, + $policy6 = {}, $policy_defaults = {}, $rules = {}, + $rules4 = {}, + $rules6 = {}, $rules_defaults = {}, $rulesections = {}, $rulesections_defaults = {}, @@ -36,6 +39,8 @@ class shorewall( $stoppedrules = {}, $stoppedrules_defaults = {}, $params = {}, + $params4 = {}, + $params6 = {}, $params_defaults = {}, $tcdevices = {}, $tcdevices_defaults = {}, @@ -50,12 +55,34 @@ class shorewall( $daily_check = true, ) { - case $::operatingsystem { + # workaround https://tickets.puppetlabs.com/browse/FACT-1739 + if $shorewall6 == 'auto' { + if $facts['ipaddress6'] and $facts['ipaddress6'] =~ /:/ { + $with_shorewall6 = true + } else { + $with_shorewall6 = false + } + } else { + $with_shorewall6 = str2bool($shorewall6) + } + + $disable_ipv6 = $with_shorewall6 ? { + false => 'Yes', + default => 'No', + } + $def_settings = { + 'LOG_MARTIANS' => 'No', + 'DISABLE_IPV6' => $disable_ipv6, + } + + $merged_settings = merge($def_settings,$settings) + + case $facts['operatingsystem'] { 'Gentoo': { include ::shorewall::gentoo } 'Debian','Ubuntu': { include ::shorewall::debian } 'CentOS': { include ::shorewall::centos } default: { - notice "unknown operatingsystem: ${::operatingsystem}" + notice "unknown operatingsystem: ${facts['operatingsystem']}" include ::shorewall::base } } 
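Review bot: Moving the `LOG_MARTIANS`/`DISABLE_IPV6` defaults out of the `$settings` parameter in the first hunk leaves `$settings` empty unless the caller sets it, so any template or subclass that still reads `$shorewall::settings` rather than `$merged_settings` would silently lose `DISABLE_IPV6`. This diff is limited to manifests/init.pp, so those consumers are not visible here and should be checked as part of the merge. The new `$shorewall6` parameter also has no type or comment; a line such as `# $shorewall6: 'auto' (detect from the ipaddress6 fact) or any value accepted by str2bool()` above the parameter list would document its three states. The parameter list continues outside this hunk.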
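Review bot: With `$shorewall6 = 'auto'`, the fourth hunk decides `DISABLE_IPV6` at every catalog compile from `$facts['ipaddress6']`, so a host that gains or loses an IPv6 address changes firewall mode on the next run without any manifest change. When the fact is present the setting becomes `'No'`, and IPv6 filtering then rests entirely on the shorewall6 configuration being complete; hosts where that matters should pin the parameter to an explicit true/false rather than rely on auto. `merge($def_settings,$settings)` also lets a caller-supplied `DISABLE_IPV6` override the computed value even when `$with_shorewall6` is false, which deserves a comment or a `fail()` on the contradictory combination. The `# workaround` comment gives only the ticket URL and should say what the `=~ /:/` test guards against.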
@@ -102,12 +129,19 @@ class shorewall( 'mangle', ]:; } + Shorewall::Managed_file['zones','interfaces','params','rules','policy']{ + shorewall6 => true, + } create_resources('shorewall::zone',$zones,$zones_defaults) create_resources('shorewall::interface',$interfaces,$interfaces_defaults) create_resources('shorewall::host',$hosts,$hosts_defaults) create_resources('shorewall::policy',$policy,$policy_defaults) + create_resources('shorewall::policy4',$policy4,$policy_defaults) + create_resources('shorewall::policy6',$policy6,$policy_defaults) create_resources('shorewall::rule',$rules,$rules_defaults) + create_resources('shorewall::rule4',$rules4,$rules_defaults) + create_resources('shorewall::rule6',$rules6,$rules_defaults) create_resources('shorewall::rule_section',$rulesections,$rulesections_defaults) create_resources('shorewall::masq',$masq,$masq_defaults) create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults) @@ -117,6 +151,8 @@ class shorewall( create_resources('shorewall::routestopped',$routestopped, $routestopped_defaults) create_resources('shorewall::params',$params,$params_defaults) + create_resources('shorewall::params4',$params4,$params_defaults) + create_resources('shorewall::params6',$params6,$params_defaults) create_resources('shorewall::tcdevices',$tcdevices,$tcdevices_defaults) create_resources('shorewall::tcrules',$tcrules,$tcrules_defaults) create_resources('shorewall::tcclasses',$tcclasses,$tcclasses_defaults) |
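Review bot: The `Shorewall::Managed_file[...] { shorewall6 => true }` override and the `policy6`/`rule6` `create_resources` calls here are unconditional, although the class computes `$with_shorewall6` earlier to decide whether IPv6 is handled at all. If `$with_shorewall6` is false, entries passed in `$rules6` or `$policy6` are still declared, and whether they are ignored or written for a firewall that is not running depends on defines outside this diff. Guarding them, for example `if $with_shorewall6 { create_resources('shorewall::rule6',$rules6,$rules_defaults) }`, or failing when a non-empty `*6` hash meets a false `$with_shorewall6`, would make the mismatch visible to the operator. The same applies to `params6` in the last hunk.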