From cdb82d7bde4861434cea81d7f5770164f5fff76c Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 7 Apr 2017 17:46:01 +0200
Subject: make zones also for ipv6
---
 manifests/entry.pp | 25 +++++++++++++++++++------
 manifests/zone.pp | 34 +++++++++++++++++++++++++---------
 2 files changed, 44 insertions(+), 15 deletions(-)
diff --git a/manifests/entry.pp b/manifests/entry.pp
index c8fffc7..a7321f8 100644
--- a/manifests/entry.pp
+++ b/manifests/entry.pp
@@ -1,12 +1,25 @@
+# a core wrapper for all kinds of entries
 define shorewall::entry(
- $ensure = present,
+ $ensure = present,
+ $shorewall = true,
+ $shorewall6 = false,
 $line
 ){
 $parts = split($name,'-')
- concat::fragment{$name:
- ensure => $ensure,
- content => "${line}\n",
- order => $parts[1],
- target => "/etc/shorewall/puppet/${parts[0]}",
+ if $shorewall {
+ concat::fragment{$name:
+ ensure => $ensure,
+ content => "${line}\n",
+ order => $parts[1],
+ target => "/etc/shorewall/puppet/${parts[0]}",
+ }
+ }
+ if $shorewall6 and $shorewall::with_shorewall6 {
+ concat::fragment{"shorewall6_${name}":
+ ensure => $ensure,
+ content => "${line}\n",
+ order => $parts[1],
+ target => "/etc/shorewall6/puppet/${parts[0]}",
+ }
+ }
 }
 }
diff --git a/manifests/zone.pp b/manifests/zone.pp
index 81e5771..8ee1b58 100644
--- a/manifests/zone.pp
+++ b/manifests/zone.pp
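Review bot: In manifests/entry.pp the added shorewall6 fragment copies the unvalidated interpolation of the IPv4 one: `${parts[0]}` from `split($name,'-')` goes straight into `/etc/shorewall6/puppet/${parts[0]}` and `${line}` straight into the fragment content. If titles or lines can come from Hiera data or exported resources, a title is able to name a target outside the intended set of shorewall files and a line with an embedded newline adds a second firewall entry, now in both trees. One guard ahead of the two `if` blocks covers both, e.g. `if $parts[0] !~ /\A[a-z0-9_]+\z/ or $line =~ /\n/ { fail("shorewall::entry ${name}: invalid target or line") }`. As shown here the new side closes one more `}` than it opens, which disagrees with the `+1,25` count in the hunk header, so that is probably a rendering artifact but worth checking against the repository.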
@@ -1,14 +1,30 @@
+# define a zone
 define shorewall::zone(
- $type,
- $options = '-',
- $in = '-',
- $out = '-',
- $parent = '-',
- $order = 100
+ $type,
+ $options = '-',
+ $in = '-',
+ $out = '-',
+ $parent = '-',
+ $order = 100,
 ){
- $real_name = $parent ? { '-' => $name, default => "${name}:${parent}" }
- shorewall::entry { "zones-${order}-${name}":
- line => "${real_name} ${type} ${options} ${in} ${out}"
+ $real_name = $parent ? { '-' => $name, default => "${name}:${parent}" }
+ shorewall::entry { "zones-${order}-${name}":
+ line => "${real_name} ${type} ${options} ${in} ${out}",
+ shorewall => true,
+ shorewall6 => false,
+ }
+ if $shorewall::with_shorewall6 {
+ $type6 = $type ? {
+ 'ipv4' => 'ipv6',
+ 'ipsec' => 'ipsec6',
+ 'bport' => 'bport6',
+ default => $type,
 }
+ shorewall::entry { "zones-${order}-${name}_6":
+ line => "${real_name} ${type6} ${options} ${in} ${out}",
+ shorewall => false,
+ shorewall6 => true,
+ }
+ }
 }
-- 
cgit v1.2.3
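Review bot: The `$type6` selector in manifests/zone.pp maps only `ipv4`, `ipsec` and `bport`; as far as I know shorewall also accepts the spellings `ipsec4` and `bport4`, and those would fall through `default` into the shorewall6 zones file unchanged. Regex cases would cover both spellings: `/\A(ipsec|ipsec4)\z/ => 'ipsec6',` and `/\A(bport|bport4)\z/ => 'bport6',`. Separately, every zone is mirrored into shorewall6 with the same `$options`, `$in` and `$out` whenever `$shorewall::with_shorewall6` is true, and the define offers no parameter to keep a zone IPv4-only. Whether matching IPv6 interfaces, policies and rules are generated is not visible in this commit, so it is worth confirming that a host cannot end up with IPv6 zones but no IPv6 policy behind them.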