Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp96
1 files changed, 67 insertions, 29 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index d6b2d2a..6287f04 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,11 +1,14 @@
# Manage shorewall on your system
class shorewall(
- $startup = '1',
+ $startup = true,
$conf_source = false,
+ $settings = {},
+ $settings6 = {},
+ $shorewall6 = 'auto',
$ensure_version = 'present',
$tor_transparent_proxy_host = '127.0.0.1',
$tor_transparent_proxy_port = '9040',
- $tor_user = $::operatingsystem ? {
+ $tor_user = $facts['operatingsystem'] ? {
'Debian' => 'debian-tor',
default => 'tor'
},
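Review bot: The class header is still only `# Manage shorewall on your system`, so the two parameters whose accepted values change in this hunk are undocumented. `$startup` moves from the string `'1'` to the boolean `true`; a caller that still passes `'0'` hands in a non-empty string, which Puppet evaluates as true, so whether the firewall is started then depends on how `$startup` is consumed, which is outside this hunk. `$shorewall6` takes `'auto'` or a value later passed to `str2bool`. I would add `# @param startup Boolean, start shorewall at boot (was the string '1'/'0')` and `# @param shorewall6 'auto' (detect from the ipaddress6 fact) or a boolean-like value` above the class. The class body continues beyond this hunk.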
@@ -16,8 +19,12 @@ class shorewall(
$hosts = {},
$hosts_defaults = {},
$policy = {},
+ $policy4 = {},
+ $policy6 = {},
$policy_defaults = {},
$rules = {},
+ $rules4 = {},
+ $rules6 = {},
$rules_defaults = {},
$rulesections = {},
$rulesections_defaults = {},
@@ -27,13 +34,13 @@ class shorewall(
$proxyarp_defaults = {},
$nat = {},
$nat_defaults = {},
- $blacklist = {},
- $blacklist_defaults = {},
- $rfc1918 = {},
- $rfc1918_defaults = {},
$routestopped = {},
$routestopped_defaults = {},
+ $stoppedrules = {},
+ $stoppedrules_defaults = {},
$params = {},
+ $params4 = {},
+ $params6 = {},
$params_defaults = {},
$tcdevices = {},
$tcdevices_defaults = {},
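Review bot: Removing `$blacklist`, `$blacklist_defaults`, `$rfc1918` and `$rfc1918_defaults` from the signature has no migration note, although these parameters carried filtering entries. A node that still passes them will fail catalog compilation, which is a loud failure, but nothing in the hunk tells the operator that those entries must be re-expressed through the remaining parameters before the upgrade. A header comment such as `# NOTE: blacklist and rfc1918 are no longer managed; carry those entries over before upgrading` would make the behaviour change visible. The parameter list starts and ends outside this hunk.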
@@ -48,73 +55,104 @@ class shorewall(
$daily_check = true,
) {
- case $::operatingsystem {
+ # workaround https://tickets.puppetlabs.com/browse/FACT-1739
+ if $shorewall6 == 'auto' {
+ if $facts['ipaddress6'] and $facts['ipaddress6'] =~ /:/ {
+ $with_shorewall6 = true
+ } else {
+ $with_shorewall6 = false
+ }
+ } else {
+ $with_shorewall6 = str2bool($shorewall6)
+ }
+
+ $disable_ipv6 = $with_shorewall6 ? {
+ false => 'Yes',
+ default => 'No',
+ }
+ $def_settings = {
+ 'LOG_MARTIANS' => 'No',
+ 'DISABLE_IPV6' => $disable_ipv6,
+ }
+
+ $merged_settings = merge($def_settings,$settings)
+
+ case $facts['operatingsystem'] {
'Gentoo': { include ::shorewall::gentoo }
'Debian','Ubuntu': { include ::shorewall::debian }
'CentOS': { include ::shorewall::centos }
default: {
- notice "unknown operatingsystem: ${::operatingsystem}"
+ notice "unknown operatingsystem: ${facts['operatingsystem']}"
include ::shorewall::base
}
}
shorewall::managed_file{
[
- # See http://www.shorewall.net/3.0/Documentation.htm#Zones
+ # See http://www.shorewall.net/manpages/shorewall-zones.html
'zones',
- # See http://www.shorewall.net/3.0/Documentation.htm#Interfaces
+ # See http://www.shorewall.net/manpages/shorewall-interfaces.html
'interfaces',
- # See http://www.shorewall.net/3.0/Documentation.htm#Hosts
+ # See http://www.shorewall.net/manpages/shorewall-hosts.html
'hosts',
- # See http://www.shorewall.net/3.0/Documentation.htm#Policy
+ # See http://www.shorewall.net/manpages/shorewall-policy.html
'policy',
- # See http://www.shorewall.net/3.0/Documentation.htm#Rules
+ # See http://www.shorewall.net/manpages/shorewall-rules.html
'rules',
- # See http://www.shorewall.net/3.0/Documentation.htm#Masq
+ # See http://www.shorewall.net/manpages/shorewall-masq.html
'masq',
- # See http://www.shorewall.net/3.0/Documentation.htm#ProxyArp
+ # See http://www.shorewall.net/manpages/shorewall-proxyarp.html
'proxyarp',
- # See http://www.shorewall.net/3.0/Documentation.htm#NAT
+ # See http://www.shorewall.net/manpages/shorewall-nat.html
'nat',
- # See http://www.shorewall.net/3.0/Documentation.htm#Blacklist
- 'blacklist',
- # See http://www.shorewall.net/3.0/Documentation.htm#rfc1918
- 'rfc1918',
- # See http://www.shorewall.net/3.0/Documentation.htm#Routestopped
+ # See http://www.shorewall.net/manpages/shorewall-stoppedrules.html
+ 'stoppedrules',
+ # Deprecated http://www.shorewall.net/4.2/manpages/shorewall-routestopped.html
'routestopped',
- # See http://www.shorewall.net/3.0/Documentation.htm#Variables
+ # See http://www.shorewall.net/manpages/shorewall-params.html
'params',
- # See http://www.shorewall.net/3.0/traffic_shaping.htm
+ # See http://www.shorewall.net/manpages/shorewall-tcdevices.html
'tcdevices',
- # See http://www.shorewall.net/3.0/traffic_shaping.htm
+ # Deprecated http://www.shorewall.net/4.6/manpages/shorewall-tcrules.htmle
'tcrules',
- # See http://www.shorewall.net/3.0/traffic_shaping.htm
+ # See http://www.shorewall.net/manpages/shorewall-tcclasses.html
'tcclasses',
- # http://www.shorewall.net/manpages/shorewall-providers.html
+ # See http://www.shorewall.net/manpages/shorewall-providers.html
'providers',
# See http://www.shorewall.net/manpages/shorewall-tunnels.html
'tunnel',
- # See http://www.shorewall.net/MultiISP.html
+ # See http://www.shorewall.net/manpages/shorewall-rtrules.html
'rtrules',
+ # See http://shorewall.net/manpages/shorewall-conntrack.html
+ 'conntrack',
# See http://www.shorewall.net/manpages/shorewall-mangle.html
'mangle',
]:;
}
+ Shorewall::Managed_file['zones','interfaces','params','rules','policy']{
+ shorewall6 => true,
+ }
create_resources('shorewall::zone',$zones,$zones_defaults)
create_resources('shorewall::interface',$interfaces,$interfaces_defaults)
create_resources('shorewall::host',$hosts,$hosts_defaults)
create_resources('shorewall::policy',$policy,$policy_defaults)
+ create_resources('shorewall::policy4',$policy4,$policy_defaults)
+ create_resources('shorewall::policy6',$policy6,$policy_defaults)
create_resources('shorewall::rule',$rules,$rules_defaults)
+ create_resources('shorewall::rule4',$rules4,$rules_defaults)
+ create_resources('shorewall::rule6',$rules6,$rules_defaults)
create_resources('shorewall::rule_section',$rulesections,$rulesections_defaults)
create_resources('shorewall::masq',$masq,$masq_defaults)
create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
create_resources('shorewall::nat',$nat,$nat_defaults)
- create_resources('shorewall::blacklist',$blacklist,$blacklist_defaults)
- create_resources('shorewall::rfc1918',$rfc1918,$rfc1918_defaults)
+ create_resources('shorewall::stoppedrules',$stoppedrules,
+ $stoppedrules_defaults)
create_resources('shorewall::routestopped',$routestopped,
$routestopped_defaults)
create_resources('shorewall::params',$params,$params_defaults)
+ create_resources('shorewall::params4',$params4,$params_defaults)
+ create_resources('shorewall::params6',$params6,$params_defaults)
create_resources('shorewall::tcdevices',$tcdevices,$tcdevices_defaults)
create_resources('shorewall::tcrules',$tcrules,$tcrules_defaults)
create_resources('shorewall::tcclasses',$tcclasses,$tcclasses_defaults)
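Review bot: With `$shorewall6 = 'auto'` the host's IPv6 posture is decided by the `ipaddress6` fact at compile time: when it contains a colon, `DISABLE_IPV6` becomes `'No'` and IPv6 filtering rests entirely on shorewall6, whose installation and start-up are not visible in this hunk. A comment above `$def_settings` such as `# DISABLE_IPV6=No leaves IPv6 filtering to shorewall6; it must be installed and have a policy` would make that dependency explicit, and the class documentation could advise an explicit true or false on hosts where the result must not follow the fact. The `Shorewall::Managed_file[...]` override sets `shorewall6 => true` even when `$with_shorewall6` is false; unless the define checks that itself, `shorewall6 => $with_shorewall6` would be the consistent value. `$settings6` is not merged here the way `$settings` is, so it is presumably consumed elsewhere and worth a short comment saying where. The tcrules comment URL ends in `.htmle`.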