author | Micah Anderson <micah@riseup.net> | 2018-01-13 11:13:23 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2018-01-13 11:13:23 -0500 |
commit | 4cf7030c0c1f9977d297d502f736029e57e36d40 (patch) | |
tree | c2219300400d0a455e8e0aba0df19c83a6de8121 /manifests/rule.pp | |
parent | 7332777829c19a63ce3d9bc50a2ddd40b940743a (diff) | |
parent | fab57483f46bab58275063081c5e4e6f7db9d2ab (diff) |
Merge remote-tracking branch 'immerda/master' into immerda_merge
Diffstat (limited to 'manifests/rule.pp')
-rw-r--r-- | manifests/rule.pp | 50 |
1 files changed, 35 insertions, 15 deletions
diff --git a/manifests/rule.pp b/manifests/rule.pp
index 2fe91e2..12c4858 100644
--- a/manifests/rule.pp
+++ b/manifests/rule.pp
@@ -1,20 +1,40 @@
-# mark is new in 3.4.4
+# http://www.shorewall.net/manpages/shorewall-rules.html
+# http://www.shorewall.net/manpages6/shorewall6-rules.html
 define shorewall::rule(
- $ensure = present,
- $action,
- $source,
- $destination,
- $proto = '-',
- $destinationport = '-',
- $sourceport = '-',
- $originaldest = '-',
- $ratelimit = '-',
- $user = '-',
- $mark = '',
- $order
+ $action,
+ $source,
+ $destination,
+ $proto = '-',
+ $destinationport = '-',
+ $sourceport = '-',
+ $originaldest = '-',
+ $ratelimit = '-',
+ $user = '-',
+ $mark = '-',
+ $connlimit = '-',
+ $time = '-',
+ $headers = '-',
+ $switch = '-',
+ $helper = '-',
+ $order = '500',
+ $shorewall = true,
+ $shorewall6 = true,
+ $ensure = 'present',
 ){
+ if versioncmp($shorewall_version,'4.5.7') >= 0 {
+ $line = " ${connlimit} ${time} ${headers} ${switch} ${helper}"
+ } elsif versioncmp($shorewall_version,'4.4.24') >= 0 {
+ # el6
+ $line = " ${connlimit} ${time} ${headers} ${switch}"
+ } else {
+ # el5
+ $line = ''
+ }
+ $with_shorewall6 = $shorewall6 and $shorewall::with_shorewall6
 shorewall::entry{"rules-${order}-${name}":
- ensure => $ensure,
- line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}",
+ ensure => $ensure,
+ line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}${line}",
+ shorewall => $shorewall,
+ shorewall6 => $with_shorewall6,
 }
 } |
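Review bot: The `else` (el5) branch sets `$line = ''` and the 4.4.24 branch leaves out `${helper}`, so a rule declared with `connlimit`, `time`, `headers`, `switch` or `helper` is written without those columns on older shorewall versions. A rule the manifest limits by time or connection count then applies without that limit, and nothing in the catalog run says so. Failing when a non-default value cannot be rendered would be safer than dropping it silently. `$shorewall_version` is also read unqualified and looks like a fact; if it can be unset on a first run the comparison presumably falls through to the same el5 branch, which is worth confirming.

```puppet
# … unchanged: 4.5.7 branch …
} elsif versioncmp($shorewall_version,'4.4.24') >= 0 {
  if $helper != '-' {
    fail("shorewall::rule ${name}: helper needs shorewall >= 4.5.7")
  }
  # … unchanged: $line with connlimit/time/headers/switch …
} else {
  if $connlimit != '-' or $time != '-' or $headers != '-' or $switch != '-' or $helper != '-' {
    fail("shorewall::rule ${name}: connlimit, time, headers, switch and helper need shorewall >= 4.4.24")
  }
  # … unchanged: $line = '' …
}
```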