Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp50
1 files changed, 43 insertions, 7 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 9cbc1e9..6287f04 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -2,14 +2,13 @@
class shorewall(
$startup = true,
$conf_source = false,
- $settings = {
- 'LOG_MARTIANS' => 'No',
- 'DISABLE_IPV6' => 'Yes',
- },
+ $settings = {},
+ $settings6 = {},
+ $shorewall6 = 'auto',
$ensure_version = 'present',
$tor_transparent_proxy_host = '127.0.0.1',
$tor_transparent_proxy_port = '9040',
- $tor_user = $::operatingsystem ? {
+ $tor_user = $facts['operatingsystem'] ? {
'Debian' => 'debian-tor',
default => 'tor'
},
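Review bot: The new `$settings6` and `$shorewall6` parameters arrive without documentation or data types, and nothing in the parameter list says that `$shorewall6` takes `'auto'` or a value that `str2bool` accepts. A short header comment such as `# $shorewall6: 'auto' (detect from the ipaddress6 fact), or true/false to force shorewall6 on or off` would help operators who need deterministic IPv6 filtering. The same applies to `$policy4`/`$policy6`, `$rules4`/`$rules6` and `$params4`/`$params6` in the next two hunks, which reuse the unsuffixed `*_defaults` hashes. Note also that `$settings` now defaults to `{}` and depends on the `merge()` further down to restore `LOG_MARTIANS` and `DISABLE_IPV6`. The parameter list continues outside this hunk.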
@@ -20,8 +19,12 @@ class shorewall(
$hosts = {},
$hosts_defaults = {},
$policy = {},
+ $policy4 = {},
+ $policy6 = {},
$policy_defaults = {},
$rules = {},
+ $rules4 = {},
+ $rules6 = {},
$rules_defaults = {},
$rulesections = {},
$rulesections_defaults = {},
@@ -36,6 +39,8 @@ class shorewall(
$stoppedrules = {},
$stoppedrules_defaults = {},
$params = {},
+ $params4 = {},
+ $params6 = {},
$params_defaults = {},
$tcdevices = {},
$tcdevices_defaults = {},
@@ -50,12 +55,34 @@ class shorewall(
$daily_check = true,
) {
- case $::operatingsystem {
+ # workaround https://tickets.puppetlabs.com/browse/FACT-1739
+ if $shorewall6 == 'auto' {
+ if $facts['ipaddress6'] and $facts['ipaddress6'] =~ /:/ {
+ $with_shorewall6 = true
+ } else {
+ $with_shorewall6 = false
+ }
+ } else {
+ $with_shorewall6 = str2bool($shorewall6)
+ }
+
+ $disable_ipv6 = $with_shorewall6 ? {
+ false => 'Yes',
+ default => 'No',
+ }
+ $def_settings = {
+ 'LOG_MARTIANS' => 'No',
+ 'DISABLE_IPV6' => $disable_ipv6,
+ }
+
+ $merged_settings = merge($def_settings,$settings)
+
+ case $facts['operatingsystem'] {
'Gentoo': { include ::shorewall::gentoo }
'Debian','Ubuntu': { include ::shorewall::debian }
'CentOS': { include ::shorewall::centos }
default: {
- notice "unknown operatingsystem: ${::operatingsystem}"
+ notice "unknown operatingsystem: ${facts['operatingsystem']}"
include ::shorewall::base
}
}
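Review bot: `merge($def_settings,$settings)` lets a caller-supplied `DISABLE_IPV6` override the value derived from `$with_shorewall6`, so a host can end up with shorewall6 off and `DISABLE_IPV6 => 'No'`, which presumably leaves IPv6 traffic with no ruleset managed by this module. A guard after the merge would surface that, e.g. `if !$with_shorewall6 and $merged_settings['DISABLE_IPV6'] != 'Yes' { warning('shorewall6 is off but DISABLE_IPV6 is not Yes') }`. The `'auto'` branch also decides from the `ipaddress6` fact as it stands at catalog compile time, so a comment recommending an explicit `shorewall6 => true` or `false` on hosts where the address may appear later would be useful. Where `$merged_settings` is consumed is outside this hunk.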
@@ -102,12 +129,19 @@ class shorewall(
'mangle',
]:;
}
+ Shorewall::Managed_file['zones','interfaces','params','rules','policy']{
+ shorewall6 => true,
+ }
create_resources('shorewall::zone',$zones,$zones_defaults)
create_resources('shorewall::interface',$interfaces,$interfaces_defaults)
create_resources('shorewall::host',$hosts,$hosts_defaults)
create_resources('shorewall::policy',$policy,$policy_defaults)
+ create_resources('shorewall::policy4',$policy4,$policy_defaults)
+ create_resources('shorewall::policy6',$policy6,$policy_defaults)
create_resources('shorewall::rule',$rules,$rules_defaults)
+ create_resources('shorewall::rule4',$rules4,$rules_defaults)
+ create_resources('shorewall::rule6',$rules6,$rules_defaults)
create_resources('shorewall::rule_section',$rulesections,$rulesections_defaults)
create_resources('shorewall::masq',$masq,$masq_defaults)
create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
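Review bot: The `Shorewall::Managed_file[...]` override hard-codes `shorewall6 => true` instead of using the `$with_shorewall6` value computed earlier in the class, so unless `shorewall::managed_file` checks that variable itself (not visible here) the IPv6 copies of zones, interfaces, params, rules and policy are managed even when shorewall6 was turned off. If the attribute only means "this file has a shorewall6 counterpart", a one-line comment saying so would prevent that misreading; otherwise `shorewall6 => $with_shorewall6,` looks like the intended value. The same question applies to the `policy6`, `rule6` and `params6` `create_resources` calls here and in the last hunk, which run regardless of `$with_shorewall6`.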
@@ -117,6 +151,8 @@ class shorewall(
create_resources('shorewall::routestopped',$routestopped,
$routestopped_defaults)
create_resources('shorewall::params',$params,$params_defaults)
+ create_resources('shorewall::params4',$params4,$params_defaults)
+ create_resources('shorewall::params6',$params6,$params_defaults)
create_resources('shorewall::tcdevices',$tcdevices,$tcdevices_defaults)
create_resources('shorewall::tcrules',$tcrules,$tcrules_defaults)
create_resources('shorewall::tcclasses',$tcclasses,$tcclasses_defaults)