Merge branch 'master' of https://github.com/duritong/puppet-shorewall

Conflicts: manifests/debian.pp manifests/managed_file.pp
author: Lebedev Vadim <abraham1901@gmail.com> 2016-04-29 13:05:55 +0300
committer: Lebedev Vadim <abraham1901@gmail.com> 2016-04-29 13:05:55 +0300
commit: ef445bc9b9482f5e6efa7f18fdc79efc60fccb5c (patch)
tree: 8cb787458aab582df8372ce4579de6d9d19a5699 /manifests
parent: 79503b830d17af99427c69eb64c2e21a7c36485f (diff)
parent: eaba8159fcfc38dbc72e2476e753b05ea7554d55 (diff)
7 files changed, 101 insertions, 46 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 4ee8747..12b8c34 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -10,14 +10,14 @@ class shorewall::base {
     '/etc/shorewall/shorewall.conf':
       require => Package[shorewall],
       notify  => Service[shorewall],
-      owner   => root,
-      group   => 0,
+      owner   => 'root',
+      group   => 'root',
       mode    => '0644';
     '/etc/shorewall/puppet':
       ensure  => directory,
       require => Package[shorewall],
-      owner   => root,
-      group   => 0,
+      owner   => 'root',
+      group   => 'root',
       mode    => '0644';
   }
 
@@ -27,15 +27,13 @@ class shorewall::base {
     }
   } else {
 
-  require augeas
-
-  augeas { 'shorewall_module_config_path':
-    changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'',
-    lens    => 'Shellvars.lns',
-    incl    => '/etc/shorewall/shorewall.conf',
-    notify  => Service['shorewall'],
-    require => Package['shorewall'];
-  }
+    augeas { 'shorewall_module_config_path':
+      changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'',
+      lens    => 'Shellvars.lns',
+      incl    => '/etc/shorewall/shorewall.conf',
+      notify  => Service['shorewall'],
+      require => Package['shorewall'];
+    }
   }
 
   service{'shorewall':
diff --git a/manifests/debian.pp b/manifests/debian.pp
index c439871..01d108f 100644
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -3,7 +3,7 @@ class shorewall::debian inherits shorewall::base {
     content => template("shorewall/debian_default.erb"),
     require => Package['shorewall'],
     notify => Service['shorewall'],
-    owner => root, group => '0', mode => '0644';
+    owner => 'root', group => 'root', mode => '0644';
   }
   Service['shorewall']{
     status => '/sbin/shorewall status'
diff --git a/manifests/init.pp b/manifests/init.pp
index cd6488b..5966bed 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -8,22 +8,49 @@ class shorewall(
   $tor_user                   = $::operatingsystem ? {
     'Debian' => 'debian-tor',
     default  => 'tor'
-  }
+  },
+  $zones                      = {},
+  $zones_defaults             = {},
+  $interfaces                 = {},
+  $interfaces_defaults        = {},
+  $hosts                      = {},
+  $hosts_defaults             = {},
+  $policy                     = {},
+  $policy_defaults            = {},
+  $rules                      = {},
+  $rules_defaults             = {},
+  $rulesections               = {},
+  $rulesections_defaults      = {},
+  $masq                       = {},
+  $masq_defaults              = {},
+  $proxyarp                   = {},
+  $proxyarp_defaults          = {},
+  $nat                        = {},
+  $nat_defaults               = {},
+  $blacklist                  = {},
+  $blacklist_defaults         = {},
+  $rfc1918                    = {},
+  $rfc1918_defaults           = {},
+  $routestopped               = {},
+  $routestopped_defaults      = {},
+  $params                     = {},
+  $params_defaults            = {},
+  $tcdevices                  = {},
+  $tcdevices_defaults         = {},
+  $tcrules                    = {},
+  $tcrules_defaults           = {},
+  $tcclasses                  = {},
+  $tcclasses_defaults         = {},
+  $tunnels                    = {},
+  $tunnels_defaults           = {},
+  $rtrules                    = {},
+  $rtrules_defaults           = {},
 ) {
 
   case $::operatingsystem {
     gentoo: { include shorewall::gentoo }
-    debian: {
-      include shorewall::debian
-      $dist_tor_user = 'debian-tor'
-    }
+    debian,ubuntu: { include shorewall::debian }
     centos: { include shorewall::centos }
-    ubuntu: {
-    case $::lsbdistcodename {
-      karmic: { include shorewall::ubuntu::karmic }
-      default: { include shorewall::debian }
-      }
-    }
     default: {
       notice "unknown operatingsystem: ${::operatingsystem}"
       include shorewall::base
@@ -65,9 +92,29 @@ class shorewall(
       # http://www.shorewall.net/manpages/shorewall-providers.html
       'providers',
       # See http://www.shorewall.net/manpages/shorewall-tunnels.html
-      'tunnel',
+      'tunnels',
       # See http://www.shorewall.net/MultiISP.html
       'rtrules',
     ]:;
   }
+
+  create_resources('shorewall::zone',$zones,$zones_defaults)
+  create_resources('shorewall::interface',$interfaces,$interfaces_defaults)
+  create_resources('shorewall::host',$hosts,$hosts_defaults)
+  create_resources('shorewall::policy',$policy,$policy_defaults)
+  create_resources('shorewall::rule',$rules,$rules_defaults)
+  create_resources('shorewall::rule_section',$rulesections,$rulesections_defaults)
+  create_resources('shorewall::masq',$masq,$masq_defaults)
+  create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
+  create_resources('shorewall::nat',$nat,$nat_defaults)
+  create_resources('shorewall::blacklist',$blacklist,$blacklist_defaults)
+  create_resources('shorewall::rfc1918',$rfc1918,$rfc1918_defaults)
+  create_resources('shorewall::routestopped',$routestopped,
+    $routestopped_defaults)
+  create_resources('shorewall::params',$params,$params_defaults)
+  create_resources('shorewall::tcdevices',$tcdevices,$tcdevices_defaults)
+  create_resources('shorewall::tcrules',$tcrules,$tcrules_defaults)
+  create_resources('shorewall::tcclasses',$tcclasses,$tcclasses_defaults)
+  create_resources('shorewall::tunnel',$tunnels,$tunnels_defaults)
+  create_resources('shorewall::rtrules',$rtrules,$rtrules_defaults)
 }
diff --git a/manifests/managed_file.pp b/manifests/managed_file.pp
index 75326b8..7061721 100644
--- a/manifests/managed_file.pp
+++ b/manifests/managed_file.pp
@@ -2,7 +2,7 @@ define shorewall::managed_file () {
   concat{ "/etc/shorewall/puppet/${name}":
     notify => Service['shorewall'],
     require => File['/etc/shorewall/puppet'],
-    owner => root, group => '0', mode => '0600';
+    owner => 'root', group => 'root', mode => '0600';
   }
   concat::fragment {
     "${name}-header":
diff --git a/manifests/rules/jabberserver.pp b/manifests/rules/jabberserver.pp
index 3b38b29..226d627 100644
--- a/manifests/rules/jabberserver.pp
+++ b/manifests/rules/jabberserver.pp
@@ -1,19 +1,34 @@
-class shorewall::rules::jabberserver {
+# open ports used by a jabberserver
+# in and outbound.
+class shorewall::rules::jabberserver(
+  $open_stun = true,
+) {
   shorewall::rule {
     'net-me-tcp_jabber':
-            source          => 'net',
-            destination     => '$FW',
-            proto           => 'tcp',
-            destinationport => '5222,5223,5269',
-            order           => 240,
-            action          => 'ACCEPT';
+        source          => 'net',
+        destination     => '$FW',
+        proto           => 'tcp',
+        destinationport => '5222,5223,5269',
+        order           => 240,
+        action          => 'ACCEPT';
     'me-net-tcp_jabber_s2s':
-            source          => '$FW',
-            destination     => 'net',
-            proto           => 'tcp',
-            destinationport => '5260,5269,5270,5271,5272',
-            order           => 240,
-            action          => 'ACCEPT';
+        source          => '$FW',
+        destination     => 'net',
+        proto           => 'tcp',
+        destinationport => '5260,5269,5270,5271,5272',
+        order           => 240,
+        action          => 'ACCEPT';
   }
 
+  if $open_stun {
+    shorewall::rule {
+      'net-me-udp_jabber_stun_server':
+        source          => 'net',
+        destination     => '$FW',
+        proto           => 'udp',
+        destinationport => '3478',
+        order           => 240,
+        action          => 'ACCEPT';
+    }
+  }
 }
diff --git a/manifests/tunnel.pp b/manifests/tunnel.pp
index 2cac922..0e645c8 100644
--- a/manifests/tunnel.pp
+++ b/manifests/tunnel.pp
@@ -5,7 +5,7 @@ define shorewall::tunnel(
     $gateway_zones = '',
     $order = '1'
 ) {
-    shorewall::entry { "tunnel-${order}-${name}":
+    shorewall::entry { "tunnels-${order}-${name}":
         line => "# ${name}\n${tunnel_type} ${zone} ${gateway} ${gateway_zones}",
     }
 }
diff --git a/manifests/ubuntu/karmic.pp b/manifests/ubuntu/karmic.pp
deleted file mode 100644
index 0df3789..0000000
--- a/manifests/ubuntu/karmic.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class shorewall::ubuntu::karmic inherits shorewall::debian {
-  Package['shorewall']{
-    name => 'shorewall-shell',
-  }
-}
author	Lebedev Vadim <abraham1901@gmail.com>	2016-04-29 13:05:55 +0300
committer	Lebedev Vadim <abraham1901@gmail.com>	2016-04-29 13:05:55 +0300
commit	ef445bc9b9482f5e6efa7f18fdc79efc60fccb5c (patch)
tree	8cb787458aab582df8372ce4579de6d9d19a5699 /manifests
parent	79503b830d17af99427c69eb64c2e21a7c36485f (diff)
parent	eaba8159fcfc38dbc72e2476e753b05ea7554d55 (diff)