author | Micah <micah@riseup.net> | 2017-02-10 19:58:46 +0000 |
---|---|---|
committer | Micah <micah@riseup.net> | 2017-02-10 19:58:46 +0000 |
commit | 054ccc9e8ee0a03e98165ee44f113ce7ccf3bc5c (patch) | |
tree | a3effe5ee95ba858740d8d1b7e9c2f2e1007e0ff /manifests | |
parent | f560a426885f0982cae39495321222158a69e895 (diff) | |
parent | 50acce5dee1b76746f81d7c300913dd7d58021d4 (diff) |
Merge branch '5.x' into 'master'
changes needed for 5.x
See merge request !7
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/blrules.pp | 35 | ||||
-rw-r--r-- | manifests/rule_section.pp | 8 |
2 files changed, 42 insertions, 1 deletions
diff --git a/manifests/blrules.pp b/manifests/blrules.pp
new file mode 100644
index 0000000..b8fe73f
--- /dev/null
+++ b/manifests/blrules.pp
@@ -0,0 +1,35 @@
+# Manage blrules. For additional information type "man shorewall-blrules"
+#
+# Sample Usage:
+#
+# shorewall::interface { 'br0':
+# zone => 'net',
+# rfc1918 => true,
+# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
+# }
+#
+# class { 'shorewall::blrules':
+# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge',
+# whitelists => [
+# "net:10.0.0.1,192.168.0.1 all",
+# ],
+#
+# drops => [
+# 'net all tcp 22', #ssh
+# ],
+# }
+
+
+class shorewall::blrules (
+ $whitelists,
+ $drops,
+) {
+ file{'/etc/shorewall/puppet/blrules':
+ content => template('shorewall/blrules.erb'),
+ require => Package['shorewall'],
+ notify => Service['shorewall'],
+ owner => root,
+ group => 0,
+ mode => '0644';
+ }
+}
diff --git a/manifests/rule_section.pp b/manifests/rule_section.pp
index 82984ca..f5fa785 100644
--- a/manifests/rule_section.pp
+++ b/manifests/rule_section.pp
@@ -1,7 +1,13 @@
 define shorewall::rule_section(
 $order
 ){
+ if versioncmp($shorewall_major_version,'4') > 0 {
+ $rule_section_prefix = '?'
+ } else {
+ $rule_section_prefix = ''
+ }
+
 shorewall::entry{"rules-${order}-${name}":
- line => "SECTION ${name}",
+ line => "${rule_section_prefix}SECTION ${name}",
 }
 }
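Review bot: The sample usage in the header comment of `manifests/blrules.pp` passes `options => 'tcpflags,blacklist,nosmurfs,routeback,bridge',` to `shorewall::blrules`, but the class declares only `$whitelists` and `$drops`, so the example as written would be rejected as an invalid parameter; that line should be dropped from the comment. Both parameters are mandatory and unvalidated, and they feed `template('shorewall/blrules.erb')`, which is not part of this diff; defaults such as `$whitelists = [],` and `$drops = [],` would allow declaring only one of the lists, provided the template copes with an empty one. Because the entries are free-form strings that land in a firewall rules file and trigger `notify => Service['shorewall']`, a short comment stating the expected entry format would help catch a malformed rule in review rather than at restart.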
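Review bot: In `manifests/rule_section.pp` the new `if` reads `$shorewall_major_version` as an unqualified variable, and nothing in the hunk covers the case where it is unset; presumably it is a custom fact, which may be missing on a first run before the package is installed. How `versioncmp` treats an undefined value then decides the prefix, so a host could receive the section line in the wrong syntax for its Shorewall version and the firewall configuration might fail to compile on the notified restart. Consider `if versioncmp($::shorewall_major_version,'4') > 0 {` together with an explicit choice for the undefined case, and a comment above the block such as `# Shorewall releases after 4.x get "?SECTION"; older ones keep plain "SECTION"`.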