author | Micah Anderson <micah@riseup.net> | 2018-01-13 11:13:23 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2018-01-13 11:13:23 -0500 |
commit | 4cf7030c0c1f9977d297d502f736029e57e36d40 (patch) | |
tree | c2219300400d0a455e8e0aba0df19c83a6de8121 /manifests/interface.pp | |
parent | 7332777829c19a63ce3d9bc50a2ddd40b940743a (diff) | |
parent | fab57483f46bab58275063081c5e4e6f7db9d2ab (diff) |
Merge remote-tracking branch 'immerda/master' into immerda_merge
Diffstat (limited to 'manifests/interface.pp')
-rw-r--r-- | manifests/interface.pp | 65 |
1 files changed, 49 insertions, 16 deletions
diff --git a/manifests/interface.pp b/manifests/interface.pp
index 670e477..4184db5 100644
--- a/manifests/interface.pp
+++ b/manifests/interface.pp
@@ -1,23 +1,56 @@ +# manage a shorewall-interface entry +# http://www.shorewall.net/manpages/shorewall-interfaces.html define shorewall::interface( - $zone, - $broadcast = 'detect', - $options = 'tcpflags,routefilter,nosmurfs,logmartians', - $add_options = '', - $dhcp = false, - $order = 100 + $zone, + $broadcast = 'detect', + $options = 'tcpflags,blacklist,routefilter,nosmurfs,logmartians', + $add_options = '', + $rfc1918 = false, + $dhcp = false, + $order = 100, ){ - $added_opts = $add_options ? { - '' => '', - default => ",${add_options}", - } + $added_opts = $add_options ? { + '' => '', + default => ",${add_options}", + } + + $dhcp_opt = $dhcp ? { + false => '', + default => ',dhcp', + } - $dhcp_opt = $dhcp ? { - false => '', - default => ',dhcp', + if versioncmp($shorewall_version,'4.5') < 0 { + $rfc1918_opt = $rfc1918 ? { + false => ',norfc1918', + default => '', } + } else { + $rfc1918_opt = '' + } + $all_options = "${options}${dhcp_opt}${rfc1918_opt}${added_opts}" + if versioncmp($shorewall_version,'4.5') >= 0 { + $all_options1 = regsubst($all_options,',(no)?rfc1918','') + } else { + $all_options1 = $all_options + } + if versioncmp($shorewall_major_version,'5') >= 0 { + $all_options2 = regsubst($all_options1,',blacklist','') + } else { + $all_options2 = $all_options1 + } - shorewall::entry { "interfaces-${order}-${name}": - line => "${zone} ${name} ${broadcast} ${options}${dhcp_opt}${added_opts}", + shorewall::entry { "interfaces-${order}-${name}": + line => "${zone} ${name} ${broadcast} ${all_options2}", + shorewall => true, + shorewall6 => false, + } + if $shorewall::with_shorewall6 { + # logmartians is not available on shorewall6 + $all_options3 = regsubst($all_options2,',logmartians','') + shorewall::entry { "interfaces-${order}-${name}_6": + line => "${zone} ${name} ${all_options3}", + shorewall => false, + shorewall6 => true, } + } } - |
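Review bot: The three `regsubst` calls that strip `,(no)?rfc1918`, `,blacklist` and `,logmartians` match an unanchored substring and replace it only once, so an option survives when it is the first entry of `$options` (no leading comma) or is repeated through `$add_options`, and a valued form such as `logmartians=1` would, as far as I can tell, leave a stray `=1` attached to the preceding option. Anchoring on the option boundary and replacing globally covers the repeated and valued cases, e.g. `regsubst($all_options1, ',blacklist(?=,|$)', '', 'G')`, and likewise for the other two patterns; the leading-position case still needs separate handling. Separately, for Shorewall major version 5 and up `blacklist` is dropped from the interface line without any notice, and nothing in this hunk shows what replaces it, so that branch deserves a comment such as `# shorewall >= 5: the blacklist interface option is stripped here; blacklisting must be configured elsewhere`.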