From 28a72736071330261ba8fa9dd5ca4e1202c1247f Mon Sep 17 00:00:00 2001
From: mh
Date: Sun, 9 Apr 2017 18:57:53 +0200
Subject: make it possible to manage rules for ipv4 & ipv6 + add some more modern headers for certain versions

---
 manifests/rule.pp | 49 ++++++++++++++++++++++++++++++++++---------------
 1 file changed, 34 insertions(+), 15 deletions(-)

(limited to 'manifests/rule.pp')

diff --git a/manifests/rule.pp b/manifests/rule.pp
index 2fe91e2..39f0ef9 100644
--- a/manifests/rule.pp
+++ b/manifests/rule.pp
@@ -1,20 +1,39 @@
-# mark is new in 3.4.4
+# http://www.shorewall.net/manpages/shorewall-rules.html
+# http://www.shorewall.net/manpages6/shorewall6-rules.html
 define shorewall::rule(
- $ensure = present,
- $action,
- $source,
- $destination,
- $proto = '-',
- $destinationport = '-',
- $sourceport = '-',
- $originaldest = '-',
- $ratelimit = '-',
- $user = '-',
- $mark = '',
- $order
+ $action,
+ $source,
+ $destination,
+ $proto = '-',
+ $destinationport = '-',
+ $sourceport = '-',
+ $originaldest = '-',
+ $ratelimit = '-',
+ $user = '-',
+ $mark = '-',
+ $connlimit = '-',
+ $time = '-',
+ $headers = '-',
+ $switch = '-',
+ $helper = '-',
+ $order = '500',
+ $shorewall = true,
+ $shorewall6 = false,
+ $ensure = 'present',
 ){
+ if versioncmp($shorewall_version,'4.5.7') >= 0 {
+ $line = " ${connlimit} ${time} ${headers} ${switch} ${helper}"
+ } elsif versioncmp($shorewall_version,'4.4.24') >= 0 {
+ # el6
+ $line = " ${connlimit} ${time} ${headers} ${switch}"
+ } else {
+ # el5
+ $line = ''
+ }
 shorewall::entry{"rules-${order}-${name}":
- ensure => $ensure,
- line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}",
+ ensure => $ensure,
+ line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}${line}",
+ shorewall => $shorewall,
+ shorewall6 => $shorewall6,
 }
 }
--
cgit v1.2.3
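Review bot: The new `versioncmp($shorewall_version, ...)` chain reads `$shorewall_version` as an unqualified variable from inside the define, so its value comes from whatever scope happens to resolve it (presumably a top-scope fact); when that fact is absent, for instance on a first run before the shorewall package exists, the comparison receives undef and the rule silently takes the el5 layout, or the catalog fails to compile on stricter Puppet versions, depending on the release in use. I would qualify the lookup and fail explicitly instead: `if $::shorewall_version == undef { fail('shorewall_version fact is not set') }` before the chain, then use `$::shorewall_version` in both `versioncmp` calls. Separately, every column including `$name` is interpolated unchecked into `line`, and a value containing a newline becomes an additional line in the generated rules file; a guard such as `if "${name}${action}${source}${destination}" =~ /\n/ { fail("newline in shorewall::rule ${name}") }` would reject that at compile time rather than in the firewall.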
From 591b48169ba18c8f9d8337aa2626d716e6866476 Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 25 Apr 2017 15:16:08 +0200
Subject: enable shorewall6 rules by default

---
 manifests/rule.pp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'manifests/rule.pp')

diff --git a/manifests/rule.pp b/manifests/rule.pp
index 39f0ef9..12c4858 100644
--- a/manifests/rule.pp
+++ b/manifests/rule.pp
@@ -18,7 +18,7 @@ define shorewall::rule(
 $helper = '-',
 $order = '500',
 $shorewall = true,
- $shorewall6 = false,
+ $shorewall6 = true,
 $ensure = 'present',
 ){
 if versioncmp($shorewall_version,'4.5.7') >= 0 {
@@ -30,10 +30,11 @@ define shorewall::rule(
 # el5
 $line = ''
 }
+ $with_shorewall6 = $shorewall6 and $shorewall::with_shorewall6
 shorewall::entry{"rules-${order}-${name}":
 ensure => $ensure,
 line => "# ${name}\n${action} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${originaldest} ${ratelimit} ${user} ${mark}${line}",
 shorewall => $shorewall,
- shorewall6 => $shorewall6,
+ shorewall6 => $with_shorewall6,
 }
 }
--
cgit v1.2.3
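Review bot: `$with_shorewall6 = $shorewall6 and $shorewall::with_shorewall6` reads a variable of class `shorewall` without ensuring that class has been evaluated first; if a manifest reaches a `shorewall::rule` before the `shorewall` class is declared, the lookup yields undef (with only a warning on the Puppet releases of that era), the conjunction is false, and the rule is silently emitted for IPv4 only even though this commit makes `$shorewall6 = true` the default. That turns an ordering mistake into a missing IPv6 firewall rule with no error at all. I would at least fail loudly on this line's precondition: `if $shorewall::with_shorewall6 == undef { fail('shorewall::rule requires class shorewall to be declared first') }`; pulling the class in with `include shorewall` inside the define is an alternative only if nothing declares the class resource-like with parameters elsewhere. The enclosing define starts in the previous hunk.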