manifests/interface.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

# manage a shorewall-interface entry
# http://www.shorewall.net/manpages/shorewall-interfaces.html
define shorewall::interface(
  $zone,
  $broadcast   = 'detect',
  $options     = 'tcpflags,blacklist,routefilter,nosmurfs,logmartians',
  $add_options = '',
  $rfc1918     = false,
  $dhcp        = false,
  $order       = 100,
){
  $added_opts = $add_options ? {
    ''      => '',
    default => ",${add_options}",
  }

  $dhcp_opt = $dhcp ? {
    false   => '',
    default => ',dhcp',
  }

  if versioncmp($shorewall_version,'4.5') < 0 {
    $rfc1918_opt = $rfc1918 ? {
      false   => ',norfc1918',
      default => '',
    }
  } else {
    $rfc1918_opt = ''
  }
  $all_options = "${options}${dhcp_opt}${rfc1918_opt}${added_opts}"
  if versioncmp($shorewall_version,'4.5') >= 0 {
    $all_options1 = regsubst($all_options,',(no)?rfc1918','')
  } else {
    $all_options1 = $all_options
  }
  if versioncmp($shorewall_major_version,'5') >= 0 {
    $all_options2 = regsubst($all_options1,',blacklist','')
  } else {
    $all_options2 = $all_options1
  }

  shorewall::entry { "interfaces-${order}-${name}":
    line       => "${zone} ${name} ${broadcast} ${all_options2}",
    shorewall  => true,
    shorewall6 => false,
  }
  if $shorewall::with_shorewall6 {
    # logmartians is not available on shorewall6
    $all_options3 = regsubst($all_options2,',logmartians','')
    shorewall::entry { "interfaces-${order}-${name}_6":
      line       => "${zone} ${name} ${all_options3}",
      shorewall  => false,
      shorewall6 => true,
    }
  }
}