From 89a350feaa3e5f94d104ac7e98af608db659e871 Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 7 Apr 2017 15:50:11 +0200
Subject: calculate whether we want to disable ipv6 (if there is no public ipv6 address) or not
---
 manifests/init.pp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index aac1520..44c703b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -2,10 +2,7 @@
 class shorewall(
 $startup = true,
 $conf_source = false,
- $settings = {
- 'LOG_MARTIANS' => 'No',
- 'DISABLE_IPV6' => 'Yes',
- },
+ $settings = {},
 $ensure_version = 'present',
 $tor_transparent_proxy_host = '127.0.0.1',
 $tor_transparent_proxy_port = '9040',
@@ -52,6 +49,17 @@ class shorewall(
 $daily_check = true,
 ) {
+ $disable_ipv6 = $ipaddress6 ? {
+ undef => 'Yes',
+ default => 'No',
+ }
+ $def_settings = {
+ 'LOG_MARTIANS' => 'No',
+ 'DISABLE_IPV6' => $disable_ipv6,
+ }
+
+ $merged_settings = merge($def_settings,$settings)
+
 case $::operatingsystem {
 'Gentoo': { include ::shorewall::gentoo }
 'Debian','Ubuntu': { include ::shorewall::debian }
--
cgit v1.2.3
From fd83e644a5ec2630ccc8b83d6029fbba7bfe1fe9 Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 7 Apr 2017 17:05:39 +0200
Subject: first step towards shorewall6, basic service is running
---
 manifests/init.pp | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index 44c703b..16d7170 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,6 +3,8 @@ class shorewall(
 $startup = true,
 $conf_source = false,
 $settings = {},
+ $settings6 = {},
+ $shorewall6 = 'auto',
 $ensure_version = 'present',
 $tor_transparent_proxy_host = '127.0.0.1',
 $tor_transparent_proxy_port = '9040',
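Review bot: In 89a350f, the `$disable_ipv6` selector added after `) {` switches `DISABLE_IPV6` from the previous hard-coded `'Yes'` to `'No'` on every host that reports an `ipaddress6` fact, yet nothing in this commit installs an IPv6 ruleset, so on those hosts shorewall stops disabling IPv6 and the traffic is left to whatever ip6tables state already exists. If this is only preparation for shorewall6, keep the default at `'Yes'` until the shorewall6 service is actually managed, or state the dependency in a comment such as `# 'No' hands IPv6 filtering over to shorewall6; nothing else in this class filters IPv6`. The selector also relies on an unset fact matching `undef`, which presumably depends on the Puppet version and on `strict_variables`; worth confirming. The class body continues outside the hunk.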
@@ -60,6 +62,14 @@ class shorewall(
 $merged_settings = merge($def_settings,$settings)
+ $with_shorewall6 = $shorewall6 ? {
+ 'auto' => $ipaddress6 ? {
+ undef => false,
+ default => true,
+ },
+ default => str2bool($shorewall6),
+ }
+
 case $::operatingsystem {
 'Gentoo': { include ::shorewall::gentoo }
 'Debian','Ubuntu': { include ::shorewall::debian }
--
cgit v1.2.3
From d11b179b1b2f6083c0987e4650d89ad7831863e6 Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 7 Apr 2017 18:07:44 +0200
Subject: add mgmt of files for shorewall6
---
 manifests/init.pp | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index 16d7170..eeab56f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -124,6 +124,9 @@ class shorewall(
 'mangle',
 ]:;
 }
+ Shorewall::Managed_file['zones']{
+ shorewall6 => true,
+ }
 create_resources('shorewall::zone',$zones,$zones_defaults)
 create_resources('shorewall::interface',$interfaces,$interfaces_defaults)
--
cgit v1.2.3
From 6ac2e1752f2185c293360aa062b7f49facff6abe Mon Sep 17 00:00:00 2001
From: mh
Date: Sat, 8 Apr 2017 13:21:14 +0200
Subject: manage interfaces for shorewall6
---
 manifests/init.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index eeab56f..f74466b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -124,7 +124,7 @@ class shorewall(
 'mangle',
 ]:;
 }
- Shorewall::Managed_file['zones']{
+ Shorewall::Managed_file['zones','interfaces']{
 shorewall6 => true,
 }
--
cgit v1.2.3
From 37a69624f4828079bf7c76f34cf193ab495494a7 Mon Sep 17 00:00:00 2001
From: mh
Date: Sat, 8 Apr 2017 13:52:14 +0200
Subject: introduce params for shorewall6, by default it's just a copy of the ones for shorewall
---
 manifests/init.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index f74466b..d3728e5 100644
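Review bot: The `$shorewall6` parameter introduced in fd83e64 has no comment describing its accepted values, and in the `$with_shorewall6` selector anything other than `'auto'` goes straight into `str2bool()`. Depending on the installed stdlib version, `str2bool()` may reject a real boolean or raise on an unrecognised string, so a typo fails the catalog instead of choosing a firewall state; that is a safe failure mode, but it should be written down. A comment next to the parameter would do, for example `# $shorewall6: 'auto' (enable when the node has an IPv6 address) or a boolean-like string accepted by str2bool()`. The class body continues outside the hunk.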
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -124,7 +124,7 @@ class shorewall(
 'mangle',
 ]:;
 }
- Shorewall::Managed_file['zones','interfaces']{
+ Shorewall::Managed_file['zones','interfaces','params']{
 shorewall6 => true,
 }
--
cgit v1.2.3
From 1661427d49cc359195deb3f0f7fa3cf841807159 Mon Sep 17 00:00:00 2001
From: mh
Date: Sat, 8 Apr 2017 13:54:50 +0200
Subject: introduce params only for ipv6 and only for ipv4
---
 manifests/init.pp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index d3728e5..6a7eafc 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -37,6 +37,8 @@ class shorewall(
 $routestopped = {},
 $routestopped_defaults = {},
 $params = {},
+ $params4 = {},
+ $params6 = {},
 $params_defaults = {},
 $tcdevices = {},
 $tcdevices_defaults = {},
@@ -142,6 +144,8 @@ class shorewall(
 create_resources('shorewall::routestopped',$routestopped, $routestopped_defaults)
 create_resources('shorewall::params',$params,$params_defaults)
+ create_resources('shorewall::params',$params4,merge({shorewall6 => false,},$params_defaults))
+ create_resources('shorewall::params',$params6,merge({shorewall => false,},$params_defaults))
 create_resources('shorewall::tcdevices',$tcdevices,$tcdevices_defaults)
 create_resources('shorewall::tcrules',$tcrules,$tcrules_defaults)
 create_resources('shorewall::tcclasses',$tcclasses,$tcclasses_defaults)
--
cgit v1.2.3
From 4b5ea4bec4b6abb6abed8005bce1c8071ef97ffa Mon Sep 17 00:00:00 2001
From: mh
Date: Sat, 8 Apr 2017 14:04:39 +0200
Subject: introduce params4 and params6 helper to more easily differentiate
---
 manifests/init.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index 6a7eafc..826f446 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -144,8 +144,8 @@ class shorewall(
 create_resources('shorewall::routestopped',$routestopped, $routestopped_defaults)
 create_resources('shorewall::params',$params,$params_defaults)
- create_resources('shorewall::params',$params4,merge({shorewall6 => false,},$params_defaults))
- create_resources('shorewall::params',$params6,merge({shorewall => false,},$params_defaults))
+ create_resources('shorewall::params4',$params4,$params_defaults)
+ create_resources('shorewall::params6',$params6,$params_defaults)
 create_resources('shorewall::tcdevices',$tcdevices,$tcdevices_defaults)
 create_resources('shorewall::tcrules',$tcrules,$tcrules_defaults)
 create_resources('shorewall::tcclasses',$tcclasses,$tcclasses_defaults)
--
cgit v1.2.3
From 28a72736071330261ba8fa9dd5ca4e1202c1247f Mon Sep 17 00:00:00 2001
From: mh
Date: Sun, 9 Apr 2017 18:57:53 +0200
Subject: make it possible to manage rules for ipv4 & ipv6 + add some more modern headers for certain versions
---
 manifests/init.pp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index 826f446..9320944 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -21,6 +21,8 @@ class shorewall(
 $policy = {},
 $policy_defaults = {},
 $rules = {},
+ $rules4 = {},
+ $rules6 = {},
 $rules_defaults = {},
 $rulesections = {},
 $rulesections_defaults = {},
@@ -126,7 +128,7 @@ class shorewall(
 'mangle',
 ]:;
 }
- Shorewall::Managed_file['zones','interfaces','params']{
+ Shorewall::Managed_file['zones','interfaces','params','rules']{
 shorewall6 => true,
 }
@@ -135,6 +137,8 @@ class shorewall(
 create_resources('shorewall::host',$hosts,$hosts_defaults)
 create_resources('shorewall::policy',$policy,$policy_defaults)
 create_resources('shorewall::rule',$rules,$rules_defaults)
+ create_resources('shorewall::rule4',$rules4,$rules_defaults)
+ create_resources('shorewall::rule6',$rules6,$rules_defaults)
 create_resources('shorewall::rule_section',$rulesections,$rulesections_defaults)
 create_resources('shorewall::masq',$masq,$masq_defaults)
 create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
--
cgit v1.2.3
From 1bcdc4ad9340b1468e4bb14e0b7f1ea8bea73c7f Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 25 Apr 2017 17:12:59 +0200
Subject: manage policies for shorewall6
---
 manifests/init.pp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index 9320944..52de35c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -19,6 +19,8 @@ class shorewall(
 $hosts = {},
 $hosts_defaults = {},
 $policy = {},
+ $policy4 = {},
+ $policy6 = {},
 $policy_defaults = {},
 $rules = {},
 $rules4 = {},
@@ -136,6 +138,8 @@ class shorewall(
 create_resources('shorewall::interface',$interfaces,$interfaces_defaults)
 create_resources('shorewall::host',$hosts,$hosts_defaults)
 create_resources('shorewall::policy',$policy,$policy_defaults)
+ create_resources('shorewall::policy4',$policy4,$policy_defaults)
+ create_resources('shorewall::policy6',$policy6,$policy_defaults)
 create_resources('shorewall::rule',$rules,$rules_defaults)
 create_resources('shorewall::rule4',$rules4,$rules_defaults)
 create_resources('shorewall::rule6',$rules6,$rules_defaults)
--
cgit v1.2.3
From 8782101a26279b109f7742d244f23fd245cd3f72 Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 25 Apr 2017 17:18:18 +0200
Subject: we should start managing also that file
---
 manifests/init.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'manifests/init.pp')
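Review bot: The `rules4`/`rules6` parameters and their `create_resources` calls in 28a7273 (and `policy4`/`policy6` in 1bcdc4a, same pattern) are undocumented, and nothing in the class says which address family an entry in plain `rules` or `policy` ends up in. Because the same commit adds `'rules'` to the `Shorewall::Managed_file[...]` override with `shorewall6 => true`, it looks as if generic entries now reach the IPv6 ruleset too; the defined types are outside this diff, so that is an inference. Operators need to know this before placing an ACCEPT rule or an IPv4 literal in `rules`, so a header comment such as `# rules/policy: both families; rules4/policy4: IPv4 only; rules6/policy6: IPv6 only` would help. The `rule6` and `policy6` resources are also declared regardless of `$with_shorewall6`; whether they are ignored or fail when shorewall6 is off should be stated.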
diff --git a/manifests/init.pp b/manifests/init.pp
index 52de35c..93f71f7 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -130,7 +130,7 @@ class shorewall(
 'mangle',
 ]:;
 }
- Shorewall::Managed_file['zones','interfaces','params','rules']{
+ Shorewall::Managed_file['zones','interfaces','params','rules','policy']{
 shorewall6 => true,
 }
--
cgit v1.2.3
From 48fad255975ccbe9b58bb1e17882a4357f8721ab Mon Sep 17 00:00:00 2001
From: mh
Date: Thu, 24 Aug 2017 19:15:12 +0200
Subject: workaround a bug in facter that sets ipaddress6 to ipv4 addresses
---
 manifests/init.pp | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index 93f71f7..7f9676d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -68,6 +68,16 @@ class shorewall(
 $merged_settings = merge($def_settings,$settings)
+ # workaround https://tickets.puppetlabs.com/browse/FACT-1739
+ if $shorewall6 == 'auto' {
+ if $ipaddress6 and $ipaddress6 =~ /:/ {
+ $with_shorewall6 = true
+ } else {
+ $with_shorewall6 = false
+ }
+ } else {
+ $with_shorewall6 = str2bool($shorewall6)
+ }
 $with_shorewall6 = $shorewall6 ? {
 'auto' => $ipaddress6 ? {
 undef => false,
--
cgit v1.2.3
From fb533f32279e4479431a37b4245a6e2f1d17e32b Mon Sep 17 00:00:00 2001
From: mh
Date: Thu, 24 Aug 2017 20:29:56 +0200
Subject: delete the old way
---
 manifests/init.pp | 7 -------
 1 file changed, 7 deletions(-)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index 7f9676d..cf7d5b8 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -78,13 +78,6 @@ class shorewall(
 } else {
 $with_shorewall6 = str2bool($shorewall6)
 }
- $with_shorewall6 = $shorewall6 ? {
- 'auto' => $ipaddress6 ? {
- undef => false,
- default => true,
- },
- default => str2bool($shorewall6),
- }
 case $::operatingsystem {
 'Gentoo': { include ::shorewall::gentoo }
--
cgit v1.2.3
From aee37040009edb28105f06ebc615f4b55d5d56a9 Mon Sep 17 00:00:00 2001
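Review bot: In 48fad25 the new `if $shorewall6 == 'auto'` block assigns `$with_shorewall6`, while the old selector `$with_shorewall6 = $shorewall6 ? {` is still present as context directly below it, so the variable is assigned twice in the same scope. Puppet does not allow a variable to be reassigned, so this revision should fail to compile the class; the selector belongs in the same change rather than a follow-up, so that every commit in the series yields a working firewall catalog. The workaround comment could also say what the regex is for, e.g. `# FACT-1739: ipaddress6 can hold an IPv4 address, so require a ':' before treating it as IPv6`. The class body starts and ends outside the hunk.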
From: mh
Date: Thu, 24 Aug 2017 21:14:20 +0200
Subject: make sure we also en/disable it based on the right setting
---
 manifests/init.pp | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index cf7d5b8..61187f0 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -57,17 +57,6 @@ class shorewall(
 $daily_check = true,
 ) {
- $disable_ipv6 = $ipaddress6 ? {
- undef => 'Yes',
- default => 'No',
- }
- $def_settings = {
- 'LOG_MARTIANS' => 'No',
- 'DISABLE_IPV6' => $disable_ipv6,
- }
-
- $merged_settings = merge($def_settings,$settings)
-
 # workaround https://tickets.puppetlabs.com/browse/FACT-1739
 if $shorewall6 == 'auto' {
 if $ipaddress6 and $ipaddress6 =~ /:/ {
@@ -79,6 +68,17 @@ class shorewall(
 $with_shorewall6 = str2bool($shorewall6)
 }
+ $disable_ipv6 = $with_shorewall6 ? {
+ false => 'Yes',
+ default => 'No',
+ }
+ $def_settings = {
+ 'LOG_MARTIANS' => 'No',
+ 'DISABLE_IPV6' => $disable_ipv6,
+ }
+
+ $merged_settings = merge($def_settings,$settings)
+
 case $::operatingsystem {
 'Gentoo': { include ::shorewall::gentoo }
 'Debian','Ubuntu': { include ::shorewall::debian }
--
cgit v1.2.3
From fab57483f46bab58275063081c5e4e6f7db9d2ab Mon Sep 17 00:00:00 2001
From: mh
Date: Thu, 2 Nov 2017 16:27:01 +0100
Subject: switch to the new facts hash
---
 manifests/init.pp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'manifests/init.pp')
diff --git a/manifests/init.pp b/manifests/init.pp
index 61187f0..c286ba5 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -8,7 +8,7 @@ class shorewall(
 $ensure_version = 'present',
 $tor_transparent_proxy_host = '127.0.0.1',
 $tor_transparent_proxy_port = '9040',
- $tor_user = $facts['operatingsystem'] ? {
+ $tor_user = $facts['operatingsystem'] ? {
 'Debian' => 'debian-tor',
 default => 'tor'
 },
@@ -59,7 +59,7 @@ class shorewall(
 # workaround https://tickets.puppetlabs.com/browse/FACT-1739
 if $shorewall6 == 'auto' {
- if $ipaddress6 and $ipaddress6 =~ /:/ {
+ if $facts['ipaddress6'] and $facts['ipaddress6'] =~ /:/ {
 $with_shorewall6 = true
 } else {
 $with_shorewall6 = false
@@ -79,12 +79,12 @@ class shorewall(
 $merged_settings = merge($def_settings,$settings)
- case $::operatingsystem {
+ case $facts['operatingsystem'] {
 'Gentoo': { include ::shorewall::gentoo }
 'Debian','Ubuntu': { include ::shorewall::debian }
 'CentOS': { include ::shorewall::centos }
 default: {
- notice "unknown operatingsystem: ${::operatingsystem}"
+ notice "unknown operatingsystem: ${facts['operatingsystem']}"
 include ::shorewall::base
 }
 }
--
cgit v1.2.3
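Review bot: `$facts['ipaddress6']` in the `auto` branch, and `$facts['operatingsystem']` in the `tor_user` default and the `case` statement of fab5748, are still the legacy flat fact names. On agents that do not submit legacy facts both lookups return `undef`, in which case `auto` quietly resolves `$with_shorewall6` to `false` (IPv6 disabled, shorewall6 unmanaged) and the `case` falls through to `::shorewall::base` with only a `notice`. Consider the structured names, `$facts['networking']['ip6']` and `$facts['os']['name']`, keeping the `=~ /:/` guard until it is confirmed that FACT-1739 does not affect the structured value. The class body starts outside these hunks.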