Merge pull request #35 from Dan33l/ip_versions

permit to choose ipv4, ipv6 or both

2 files changed, 13 insertions, 3 deletions

diff --git a/manifests/config.pp b/manifests/config.pp
index 1736fa6..23ed390 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -5,6 +5,8 @@ class ferm::config {
   # this is a private class
   assert_private("You're not supposed to do that!")
 
+  $_ip = join($ferm::ip_versions, ' ')
+
   # copy static files to ferm
   # on a long term point of view, we want to package this
   file{'/etc/ferm.d':
@@ -29,7 +31,11 @@ class ferm::config {
 
     concat::fragment{'ferm.conf':
       target  => $ferm::configfile,
-      content => epp("${module_name}/ferm.conf.epp"),
+      content => epp(
+        "${module_name}/ferm.conf.epp", {
+          'ip' => $_ip,
+          }
+      ),
       order   => '50',
     }
   }
diff --git a/manifests/init.pp b/manifests/init.pp
index 82f163c..a8b886d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -2,9 +2,10 @@
 #
 # This class manages ferm installation and rule generation on modern linux systems
 #
-# @example deploy ferm and start it
+# @example deploy ferm and start it, on node with only ipv6 enabled
 # class{'ferm':
-#   manage_service =>  true,
+#   manage_service => true,
+#   ip_versions    =>  ['ip6'],
 # }
 #
 # @param manage_service Disable/Enable the management of the ferm daemon
@@ -40,6 +41,8 @@
 # @param input_log_dropped_packets Enable/Disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched
 #   Default value: false
 #   Allowed values: (true|false)
+# @param ip_versions Set list of versions of ip we want ot use.
+#   Default value: ['ip', 'ip6']
 class ferm (
   Boolean $manage_service,
   Boolean $manage_configfile,
@@ -52,6 +55,7 @@ class ferm (
   Boolean $output_log_dropped_packets,
   Boolean $input_log_dropped_packets,
   Hash $rules,
+  Array[Enum['ip','ip6']] $ip_versions,
 ) {
   contain ferm::install
   contain ferm::config