From d4a2a66e9b9641f84168f86db7fa10dd33326c12 Mon Sep 17 00:00:00 2001
From: Marcel Haerry
Date: Thu, 4 Aug 2011 14:03:16 +0200
Subject: The order of the section needs to ab adjusted, otherwise things will be place at the wrong place
---
 README | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'README')
diff --git a/README b/README
index a0e54ec..feac7fc 100644
--- a/README
+++ b/README
@@ -46,7 +46,7 @@ class config::site-shorewall {
 }
 shorewall::rule_section { 'NEW':
- order => 10;
+ order => 100;
 }
 case $shorewall_rfc1918_maineth {
--
cgit v1.2.3
From 5f5482a2084029382a10058a287ff85c8c16c7ac Mon Sep 17 00:00:00 2001
From: mh
Date: Wed, 6 Jun 2012 01:19:34 -0300
Subject: fix for new style for 2.7
---
 README | 111 ++++++++++++++++++++++++++++++++---------------------------------
 1 file changed, 55 insertions(+), 56 deletions(-)
(limited to 'README')
diff --git a/README b/README
index feac7fc..77a845c 100644
--- a/README
+++ b/README
@@ -21,8 +21,9 @@ Example
 Example from node.pp:
 node xy {
- $shorewall_startup="0" # create shorewall ruleset but don't startup
- include config::site-shorewall
+ class{'config::site_shorewall':
+ startup => "0" # create shorewall ruleset but don't startup
+ }
 shorewall::rule {
 'incoming-ssh': source => 'all', destination => '$FW', action => 'SSH/ACCEPT', order => 200;
 'incoming-puppetmaster': source => 'all', destination => '$FW', action => 'Puppetmaster/ACCEPT', order => 300;
@@ -32,62 +33,60 @@ node xy {
 }
-class config::site-shorewall {
- include shorewall
-
- # If you want logging:
- #shorewall::params {
- # 'LOG': value => 'debug';
- # 'MAILSERVER': value => $shorewall_mailserver;
- #}
-
- shorewall::zone {'net':
- type => 'ipv4';
- }
-
- shorewall::rule_section { 'NEW':
- order => 100;
- }
-
- case $shorewall_rfc1918_maineth {
- '': {$shorewall_rfc1918_maineth = true }
- }
-
- case $shorewall_main_interface {
- '': { $shorewall_main_interface = 'eth0' }
- }
-
- shorewall::interface {"$shorewall_main_interface":
- zone => 'net',
- rfc1918 => $shorewall_rfc1918_maineth,
- options => 'tcpflags,blacklist,nosmurfs';
- }
-
- shorewall::policy {
- 'fw-to-fw':
- sourcezone => '$FW',
- destinationzone => '$FW',
- policy => 'ACCEPT',
- order => 100;
- 'fw-to-net':
- sourcezone => '$FW',
- destinationzone => 'net',
- policy => 'ACCEPT',
- shloglevel => '$LOG',
- order => 110;
- 'net-to-fw':
- sourcezone => 'net',
- destinationzone => '$FW',
- policy => 'DROP',
- shloglevel => '$LOG',
- order => 120;
- }
+class config::site_shorewall($startup = '1') {
+ class{'shorewall':
+ startup => $startup
+ }
+
+ # If you want logging:
+ #shorewall::params {
+ # 'LOG': value => 'debug';
+ #}
+
+ shorewall::zone {'net':
+ type => 'ipv4';
+ }
+
+ shorewall::rule_section { 'NEW':
+ order => 100;
+ }
+
+ $shorewall_main_interface hiera('shorewall_main_interface','eth0')
+ shorewall::interface { $shorewall_main_interface:
+ zone => 'net',
+ rfc1918 => hiera('shorewall_rfc1918_maineth',true)
+ options => 'tcpflags,blacklist,nosmurfs';
+ }
+
+ shorewall::policy {
+ 'fw-to-fw':
+ sourcezone => '$FW',
+ destinationzone => '$FW',
+ policy => 'ACCEPT',
+ order => 100;
+ 'fw-to-net':
+ sourcezone => '$FW',
+ destinationzone => 'net',
+ policy => 'ACCEPT',
+ shloglevel => '$LOG',
+ order => 110;
+ 'net-to-fw':
+ sourcezone => 'net',
+ destinationzone => '$FW',
+ policy => 'DROP',
+ shloglevel => '$LOG',
+ order => 120;
+ }
- # default Rules : ICMP
- shorewall::rule {
'allicmp-to-host': source => 'all', destination => '$FW', order => 200, action => 'AllowICMPs/ACCEPT';
- }
-
+ # default Rules : ICMP
+ shorewall::rule {
+ 'allicmp-to-host':
+ source => 'all',
+ destination => '$FW',
+ order => 200,
+ action => 'AllowICMPs/ACCEPT';
+ }
 }
--
cgit v1.2.3
From 210b66ab54f1c57a10a2e9a342559f77e649658f Mon Sep 17 00:00:00 2001
From: mh
Date: Wed, 13 Jun 2012 21:34:55 -0300
Subject: migrate away from hiera stuff
---
 README | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'README')
diff --git a/README b/README
index 77a845c..f6d9b99 100644
--- a/README
+++ b/README
@@ -51,10 +51,9 @@ class config::site_shorewall($startup = '1') {
 order => 100;
 }
- $shorewall_main_interface hiera('shorewall_main_interface','eth0')
- shorewall::interface { $shorewall_main_interface:
+ shorewall::interface { 'eth0':
 zone => 'net',
- rfc1918 => hiera('shorewall_rfc1918_maineth',true)
+ rfc1918 => true,
 options => 'tcpflags,blacklist,nosmurfs';
 }
--
cgit v1.2.3