From a8c1abea710e88e63a64b8889fe9965e95ff1740 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Sat, 8 Apr 2017 13:06:43 +0200
Subject: cleanup certain unsupported options

---
 manifests/interface.pp | 57 ++++++++++++++++++++++++++++++++------------------
 1 file changed, 37 insertions(+), 20 deletions(-)

diff --git a/manifests/interface.pp b/manifests/interface.pp
index 403ee74..4ec587e 100644
--- a/manifests/interface.pp
+++ b/manifests/interface.pp
@@ -1,29 +1,46 @@
+# manage a shorewall-interface entry
+# http://www.shorewall.net/manpages/shorewall-interfaces.html
 define shorewall::interface(
-    $zone,
-    $broadcast = 'detect',
-    $options = 'tcpflags,blacklist,routefilter,nosmurfs,logmartians',
-    $add_options = '',
-    $rfc1918 = false,
-    $dhcp = false,
-    $order = 100
+  $zone,
+  $broadcast   = 'detect',
+  $options     = 'tcpflags,blacklist,routefilter,nosmurfs,logmartians',
+  $add_options = '',
+  $rfc1918     = false,
+  $dhcp        = false,
+  $order       = 100,
 ){
-    $added_opts = $add_options ? {
-        ''      => '',
-        default => ",${add_options}",
-    }
+  $added_opts = $add_options ? {
+    ''      => '',
+    default => ",${add_options}",
+  }
 
-    $dhcp_opt = $dhcp ? {
-        false   => '',
-        default => ',dhcp',
-    }
+  $dhcp_opt = $dhcp ? {
+    false   => '',
+    default => ',dhcp',
+  }
 
+  if versioncmp($shorewall_version,'4.5') < 0 {
     $rfc1918_opt = $rfc1918 ? {
-        false   => ',norfc1918',
-        default => '',
+      false   => ',norfc1918',
+      default => '',
     }
+  } else {
+    $rfc1918_opt = ''
+  }
+  $all_options = "${options}${dhcp_opt}${rfc1918_opt}${added_opts}"
+  if versioncmp($shorewall_version,'4.5') >= 0 {
+    $all_options1 = regsubst($all_options,',(no)?rfc1918','')
+  } else {
+    $all_options1 = $all_options
+  }
+  if versioncmp($shorewall_major_version,'5') >= 0 {
+    $all_options2 = regsubst($all_options1,',blacklist','')
+  } else {
+    $all_options2 = $all_options1
+  }
 
-    shorewall::entry { "interfaces-${order}-${name}":
-        line => "${zone} ${name} ${broadcast} ${options}${dhcp_opt}${rfc1918_opt}${added_opts}",
-    }
+  shorewall::entry { "interfaces-${order}-${name}":
+    line => "${zone} ${name} ${broadcast} ${all_options2}",
+  }
 }
 
-- 
cgit v1.2.3