path: root/manifests/interface.pp
# manage a shorewall-interface entry
# http://www.shorewall.net/manpages/shorewall-interfaces.html
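# Builds the option list for one interface and declares the matching
# shorewall::entry (IPv4) and, when $shorewall::with_shorewall6 is set,
# a second entry for shorewall6.
#
# Parameters:
#   $name        - resource title; written as the second column of the line.
#   $zone        - written as the first column of the line.
#   $broadcast   - third column of the IPv4 line; the shorewall6 line has
#                  no such column.
#   $options     - comma-separated base option list.
#   $add_options - extra options, appended after a comma when non-empty.
#   $rfc1918     - when false and shorewall_version < 4.5, ',norfc1918' is
#                  appended; on 4.5 and later nothing is appended and any
#                  rfc1918/norfc1918 option is stripped again.
#   $dhcp        - any value other than false appends ',dhcp'.
#   $order       - part of the entry title "interfaces-${order}-${name}";
#                  presumably used for ordering the lines (verify against
#                  shorewall::entry).
#
# Option stripping matches whole options only, in any position, including
# an optional "=value" suffix for logmartians and routefilter. The earlier
# patterns required a leading comma and matched prefixes, so an option
# listed first was kept and "routefilter=2" was reduced to a stray "=2",
# producing an entry the firewall compiler would reject.
define shorewall::interface(
  $zone,
  $broadcast   = 'detect',
  $options     = 'tcpflags,routefilter,nosmurfs,logmartians',
  $add_options = '',
  $rfc1918     = false,
  $dhcp        = false,
  $order       = 100,
){
  $added_opts = $add_options ? {
    ''      => '',
    default => ",${add_options}",
  }

  $dhcp_opt = $dhcp ? {
    false   => '',
    default => ',dhcp',
  }

  if versioncmp($shorewall_version,'4.5') < 0 {
    $rfc1918_opt = $rfc1918 ? {
      false   => ',norfc1918',
      default => '',
    }
  } else {
    $rfc1918_opt = ''
  }

  # Work on a comma-prefixed copy so that every option, including the first
  # one, is preceded by a comma and can be matched by the same pattern. The
  # prefix is removed again before the line is written.
  $prefixed_options = ",${options}${dhcp_opt}${rfc1918_opt}${added_opts}"

  if versioncmp($shorewall_version,'4.5') >= 0 {
    # Strip rfc1918/norfc1918 on 4.5 and later, wherever they came from.
    $all_options1 = regsubst($prefixed_options,',(?:no)?rfc1918(?=,|$)','','G')
  } else {
    $all_options1 = $prefixed_options
  }
  if versioncmp($shorewall_major_version,'5') >= 0 {
    # Strip blacklist on major version 5 and later.
    $all_options2 = regsubst($all_options1,',blacklist(?=,|$)','','G')
  } else {
    $all_options2 = $all_options1
  }
  $ipv4_options = regsubst($all_options2,'^,','')

  shorewall::entry { "interfaces-${order}-${name}":
    line       => "${zone} ${name} ${broadcast} ${ipv4_options}",
    shorewall  => true,
    shorewall6 => false,
  }
  if $shorewall::with_shorewall6 {
    # logmartians is not available on shorewall6
    $all_options3 = regsubst($all_options2,',logmartians(?:=[^,]*)?(?=,|$)','','G')
    # routefilter is not available in the kernel for ipv6
    $all_options4 = regsubst($all_options3,',routefilter(?:=[^,]*)?(?=,|$)','','G')
    # NOTE(review): with both options removed, the IPv6 entry carries no
    # reverse-path or martian-logging option from this define; confirm that
    # IPv6 anti-spoofing is handled elsewhere if it is required.
    $ipv6_options = regsubst($all_options4,'^,','')
    shorewall::entry { "interfaces-${order}-${name}_6":
      line       => "${zone} ${name} ${ipv6_options}",
      shorewall  => false,
      shorewall6 => true,
    }
  }
}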