path: root/manifests/init.pp
# Manage shorewall on your system
#
# Entry point of the module. It decides whether shorewall6 is used,
# builds the settings hash, includes the OS-specific class, declares the
# managed configuration files and turns the hashes passed as parameters
# into shorewall::* resources with create_resources().
#
# Parameters used in this class body:
#
#   $shorewall6  'auto' (default) enables shorewall6 when the ipaddress6
#                fact is set and contains a ':'; any other value is
#                converted with str2bool().
#   $settings    Hash merged over the defaults built here (LOG_MARTIANS,
#                DISABLE_IPV6) to form $merged_settings. Keys given by the
#                caller replace the defaults.
#   $zones, $interfaces, $hosts, $policy, $policy4, $policy6, $rules,
#   $rules4, $rules6, $rulesections, $masq, $proxyarp, $nat,
#   $routestopped, $stoppedrules, $params, $params4, $params6,
#   $tcdevices, $tcrules, $tcclasses, $tunnels, $rtrules
#                Hashes of resources to create, keyed by resource title.
#   $*_defaults  Default attributes for the matching hash. The 4/6
#                variants of policy, rules and params share the defaults
#                of the unsuffixed parameter.
#
# Parameters not referenced in this class body ($startup, $conf_source,
# $settings6, $ensure_version, $tor_transparent_proxy_host,
# $tor_transparent_proxy_port, $tor_user, $daily_check) are presumably
# read by other classes of the module -- confirm there. $tor_user
# defaults to 'debian-tor' on Debian and to 'tor' elsewhere.
#
# NOTE(review): none of the parameters carries a data type, so a wrongly
# shaped value (for example a string where a rule hash is expected) is
# only caught, if at all, by the function or define that receives it.
class shorewall(
  $startup                    = true,
  $conf_source                = false,
  $settings                   = {},
  $settings6                  = {},
  $shorewall6                 = 'auto',
  $ensure_version             = 'present',
  $tor_transparent_proxy_host = '127.0.0.1',
  $tor_transparent_proxy_port = '9040',
  $tor_user                   = $facts['operatingsystem'] ? {
    'Debian' => 'debian-tor',
    default  => 'tor'
  },
  $zones                      = {},
  $zones_defaults             = {},
  $interfaces                 = {},
  $interfaces_defaults        = {},
  $hosts                      = {},
  $hosts_defaults             = {},
  $policy                     = {},
  $policy4                    = {},
  $policy6                    = {},
  $policy_defaults            = {},
  $rules                      = {},
  $rules4                     = {},
  $rules6                     = {},
  $rules_defaults             = {},
  $rulesections               = {},
  $rulesections_defaults      = {},
  $masq                       = {},
  $masq_defaults              = {},
  $proxyarp                   = {},
  $proxyarp_defaults          = {},
  $nat                        = {},
  $nat_defaults               = {},
  $routestopped               = {},
  $routestopped_defaults      = {},
  $stoppedrules               = {},
  $stoppedrules_defaults      = {},
  $params                     = {},
  $params4                    = {},
  $params6                    = {},
  $params_defaults            = {},
  $tcdevices                  = {},
  $tcdevices_defaults         = {},
  $tcrules                    = {},
  $tcrules_defaults           = {},
  $tcclasses                  = {},
  $tcclasses_defaults         = {},
  $tunnels                    = {},
  $tunnels_defaults           = {},
  $rtrules                    = {},
  $rtrules_defaults           = {},
  $daily_check                = true,
) {

  # workaround https://tickets.puppetlabs.com/browse/FACT-1739
  # The ':' match requires the fact value to look like an IPv6 address
  # rather than merely being set.
  # NOTE(review): under 'auto' the decision is taken from the facts of
  # the current run. A host that gains an IPv6 address later has no
  # shorewall6 until the next run and relies on DISABLE_IPV6 below in
  # the meantime.
  if $shorewall6 == 'auto' {
    if $facts['ipaddress6'] and $facts['ipaddress6'] =~ /:/ {
      $with_shorewall6 = true
    } else {
      $with_shorewall6 = false
    }
  } else {
    $with_shorewall6 = str2bool($shorewall6)
  }

  # Without shorewall6 nothing here filters IPv6, so shorewall itself is
  # told to disable it; with shorewall6 the setting is 'No'.
  $disable_ipv6 = $with_shorewall6 ? {
    false   => 'Yes',
    default => 'No',
  }
  # Defaults for the settings hash.
  # NOTE(review): LOG_MARTIANS defaults to 'No', so packets with
  # impossible source addresses are not logged unless the caller sets it
  # in $settings -- confirm this is the intended default.
  $def_settings = {
    'LOG_MARTIANS' => 'No',
    'DISABLE_IPV6' => $disable_ipv6,
  }

  # merge() gives precedence to the right-hand hash.
  # NOTE(review): a caller can therefore set DISABLE_IPV6 to 'No' in
  # $settings while shorewall6 is off, which would leave IPv6 without a
  # ruleset from this module; nothing here checks for that combination.
  $merged_settings = merge($def_settings,$settings)

  # Pick the OS-specific class. An unrecognised OS only produces a
  # notice and gets the generic base class; the run does not fail.
  case $facts['operatingsystem'] {
    'Gentoo': { include ::shorewall::gentoo }
    'Debian','Ubuntu': { include ::shorewall::debian }
    'CentOS': { include ::shorewall::centos }
    default: {
      notice "unknown operatingsystem: ${facts['operatingsystem']}"
      include ::shorewall::base
    }
  }

  # One shorewall::managed_file per configuration file handled by this
  # module. 'providers', 'conntrack' and 'mangle' are declared here
  # although this class has no parameter hash that feeds them.
  shorewall::managed_file{
    [
      # See http://www.shorewall.net/manpages/shorewall-zones.html
      'zones',
      # See http://www.shorewall.net/manpages/shorewall-interfaces.html
      'interfaces',
      # See http://www.shorewall.net/manpages/shorewall-hosts.html
      'hosts',
      # See http://www.shorewall.net/manpages/shorewall-policy.html
      'policy',
      # See http://www.shorewall.net/manpages/shorewall-rules.html
      'rules',
      # See http://www.shorewall.net/manpages/shorewall-masq.html
      'masq',
      # See http://www.shorewall.net/manpages/shorewall-proxyarp.html
      'proxyarp',
      # See http://www.shorewall.net/manpages/shorewall-nat.html
      'nat',
      # See http://www.shorewall.net/manpages/shorewall-stoppedrules.html
      'stoppedrules',
      # Deprecated http://www.shorewall.net/4.2/manpages/shorewall-routestopped.html
      'routestopped',
      # See http://www.shorewall.net/manpages/shorewall-params.html
      'params',
      # See http://www.shorewall.net/manpages/shorewall-tcdevices.html
      'tcdevices',
      # Deprecated http://www.shorewall.net/4.6/manpages/shorewall-tcrules.html
      'tcrules',
      # See http://www.shorewall.net/manpages/shorewall-tcclasses.html
      'tcclasses',
      # See http://www.shorewall.net/manpages/shorewall-providers.html
      'providers',
      # See http://www.shorewall.net/manpages/shorewall-tunnels.html
      # NOTE(review): the title is singular while the manpage and the
      # $tunnels parameter are plural -- confirm it matches what
      # shorewall::tunnel writes to.
      'tunnel',
      # See http://www.shorewall.net/manpages/shorewall-rtrules.html
      'rtrules',
      # See http://shorewall.net/manpages/shorewall-conntrack.html
      'conntrack',
      # See http://www.shorewall.net/manpages/shorewall-mangle.html
      'mangle',
    ]:;
  }
  # Sets shorewall6 => true on five of the files declared above;
  # presumably this makes shorewall::managed_file handle the shorewall6
  # counterpart as well -- see that define for the exact effect.
  Shorewall::Managed_file['zones','interfaces','params','rules','policy']{
    shorewall6 => true,
  }

  # Turn each parameter hash into resources of the matching define. The
  # 4/6 variants of policy, rule and params reuse the defaults of the
  # unsuffixed parameter.
  create_resources('shorewall::zone',$zones,$zones_defaults)
  create_resources('shorewall::interface',$interfaces,$interfaces_defaults)
  create_resources('shorewall::host',$hosts,$hosts_defaults)
  create_resources('shorewall::policy',$policy,$policy_defaults)
  create_resources('shorewall::policy4',$policy4,$policy_defaults)
  create_resources('shorewall::policy6',$policy6,$policy_defaults)
  create_resources('shorewall::rule',$rules,$rules_defaults)
  create_resources('shorewall::rule4',$rules4,$rules_defaults)
  create_resources('shorewall::rule6',$rules6,$rules_defaults)
  create_resources('shorewall::rule_section',$rulesections,$rulesections_defaults)
  create_resources('shorewall::masq',$masq,$masq_defaults)
  create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
  create_resources('shorewall::nat',$nat,$nat_defaults)
  create_resources('shorewall::stoppedrules',$stoppedrules,
    $stoppedrules_defaults)
  create_resources('shorewall::routestopped',$routestopped,
    $routestopped_defaults)
  create_resources('shorewall::params',$params,$params_defaults)
  create_resources('shorewall::params4',$params4,$params_defaults)
  create_resources('shorewall::params6',$params6,$params_defaults)
  create_resources('shorewall::tcdevices',$tcdevices,$tcdevices_defaults)
  create_resources('shorewall::tcrules',$tcrules,$tcrules_defaults)
  create_resources('shorewall::tcclasses',$tcclasses,$tcclasses_defaults)
  create_resources('shorewall::tunnel',$tunnels,$tunnels_defaults)
  create_resources('shorewall::rtrules',$rtrules,$rtrules_defaults)
}