From 1bcdc4ad9340b1468e4bb14e0b7f1ea8bea73c7f Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 25 Apr 2017 17:12:59 +0200
Subject: manage policies for shorewall6
---
 manifests/init.pp | 4 ++++
 manifests/policy.pp | 24 ++++++++++++++++--------
 manifests/policy4.pp | 22 ++++++++++++++++++++++
 manifests/policy6.pp | 22 ++++++++++++++++++++++
 4 files changed, 64 insertions(+), 8 deletions(-)
 create mode 100644 manifests/policy4.pp
 create mode 100644 manifests/policy6.pp
diff --git a/manifests/init.pp b/manifests/init.pp
index 9320944..52de35c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -19,6 +19,8 @@ class shorewall(
 $hosts = {},
 $hosts_defaults = {},
 $policy = {},
+ $policy4 = {},
+ $policy6 = {},
 $policy_defaults = {},
 $rules = {},
 $rules4 = {},
@@ -136,6 +138,8 @@ class shorewall(
 create_resources('shorewall::interface',$interfaces,$interfaces_defaults)
 create_resources('shorewall::host',$hosts,$hosts_defaults)
 create_resources('shorewall::policy',$policy,$policy_defaults)
+ create_resources('shorewall::policy4',$policy4,$policy_defaults)
+ create_resources('shorewall::policy6',$policy6,$policy_defaults)
 create_resources('shorewall::rule',$rules,$rules_defaults)
 create_resources('shorewall::rule4',$rules4,$rules_defaults)
 create_resources('shorewall::rule6',$rules6,$rules_defaults)
diff --git a/manifests/policy.pp b/manifests/policy.pp
index efee05b..892a3d3 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
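Review bot: In the second init.pp hunk, `shorewall::policy4` and `shorewall::policy6` receive the same `$policy_defaults` as `shorewall::policy`, but the two wrappers added in this commit do not declare the new `shorewall`/`shorewall6` parameters. A defaults hash that sets either key, which is now valid for `shorewall::policy`, would presumably fail catalog compilation for every policy4/policy6 entry, leaving the firewall configuration unapplied. Either give the wrappers their own defaults hashes or document the restriction next to the class parameters, e.g. `# policy_defaults is shared by policy, policy4 and policy6: do not set shorewall/shorewall6 here`. The class body starts and ends outside this hunk.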
@@ -1,12 +1,20 @@
+# http://www.shorewall.net/manpages/shorewall-policy.html
+# http://www.shorewall.net/manpages6/shorewall6-policy.html
 define shorewall::policy(
- $sourcezone,
- $destinationzone,
- $policy, $shloglevel = '-',
- $limitburst = '-',
- $order
+ $sourcezone,
+ $destinationzone,
+ $policy,
+ $order,
+ $shloglevel = '-',
+ $limitburst = '-',
+ $shorewall = true,
+ $shorewall6 = true,
 ){
- shorewall::entry{"policy-${order}-${name}":
- line => "# ${name}\n${sourcezone} ${destinationzone} ${policy} ${shloglevel} ${limitburst}",
- }
+ $with_shorewall6 = $shorewall6 and $shorewall::with_shorewall6
+ shorewall::entry{"policy-${order}-${name}":
+ line => "# ${name}\n${sourcezone} ${destinationzone} ${policy} ${shloglevel} ${limitburst}",
+ shorewall => $shorewall,
+ shorewall6 => $with_shorewall6,
+ }
 }
diff --git a/manifests/policy4.pp b/manifests/policy4.pp
new file mode 100644
index 0000000..301d9af
--- /dev/null
+++ b/manifests/policy4.pp
@@ -0,0 +1,22 @@
+# http://www.shorewall.net/manpages/shorewall-policy.html
+define shorewall::policy4(
+ $sourcezone,
+ $destinationzone,
+ $policy,
+ $order,
+ $shloglevel = '-',
+ $limitburst = '-',
+){
+ shorewall::policy{
+ $name:
+ sourcezone => $sourcezone,
+ destinationzone => $destinationzone,
+ policy => $policy,
+ order => $order,
+ shloglevel => $shloglevel,
+ limitburst => $limitburst,
+ shorewall => true,
+ shorewall6 => false,
+ }
+}
+
diff --git a/manifests/policy6.pp b/manifests/policy6.pp
new file mode 100644
index 0000000..1a4735f
--- /dev/null
+++ b/manifests/policy6.pp
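Review bot: The default `$shorewall6 = true` in manifests/policy.pp means every existing `shorewall::policy` resource is now also emitted for shorewall6 whenever `$shorewall::with_shorewall6` is true, so a permissive IPv4 policy is mirrored to IPv6 without the caller opting in (assuming `shorewall::entry`, not visible here, writes the line to both policy files). The header holds only two URLs; a comment such as `# shorewall/shorewall6: write this policy to the IPv4/IPv6 policy file; shorewall6 is ignored unless shorewall::with_shorewall6 is true` would make the behaviour explicit. With `shorewall => false` on a node where `$shorewall::with_shorewall6` is false, both flags end up false and the policy appears to be dropped silently; that case deserves a `fail()` or at least a mention in the comment, because a missing catch-all policy changes what the firewall lets through.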
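Review bot: In manifests/policy4.pp the wrapper passes its own `$name` as the title of the inner `shorewall::policy`, so a `policy4` and a `policy6` entry (or a plain `policy` entry) with the same name would declare `Shorewall::Policy[<name>]` twice and abort catalog compilation. That rules out giving one zone pair different IPv4 and IPv6 policies under the same name, which is the natural use of these defines. A suffixed title such as `"${name}-v4":` here and `"${name}-v6":` in manifests/policy6.pp would avoid the clash, at the cost of changing the generated entry name and the `# ${name}` comment. The manifests/policy6.pp hunk has the same issue.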
@@ -0,0 +1,22 @@
+# http://www.shorewall.net/manpages6/shorewall6-policy.html
+define shorewall::policy6(
+ $sourcezone,
+ $destinationzone,
+ $policy,
+ $order,
+ $shloglevel = '-',
+ $limitburst = '-',
+){
+ shorewall::policy{
+ $name:
+ sourcezone => $sourcezone,
+ destinationzone => $destinationzone,
+ policy => $policy,
+ order => $order,
+ shloglevel => $shloglevel,
+ limitburst => $limitburst,
+ shorewall => false,
+ shorewall6 => true,
+ }
+}
+
-- cgit v1.2.3