diff options
author | mh <mh@immerda.ch> | 2013-01-02 19:46:18 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2013-01-02 19:46:18 +0100 |
commit | 3d2e75b8b438dff6f32ce22664b148b6a5ca365e (patch) | |
tree | 8776b0c07243096a00dc2d0f18752a958895414d /README | |
parent | 58103ed409fc61d8e653babb73fcaf510969f3db (diff) | |
parent | e511291a111db7a7d88a8820c5423aa5b92304e0 (diff) | |
download | puppet-shorewall-3d2e75b8b438dff6f32ce22664b148b6a5ca365e.tar.gz puppet-shorewall-3d2e75b8b438dff6f32ce22664b148b6a5ca365e.tar.bz2 |
Merge remote-tracking branch 'riseup/master'
Conflicts:
files/shorewall.conf.CentOS.6
files/shorewall.conf.Debian.wheezy
Diffstat (limited to 'README')
-rw-r--r-- | README | 31 |
1 files changed, 31 insertions, 0 deletions
@@ -35,6 +35,37 @@ installed instead: $shorewall_ensure_version = "4.0.15-1" +The main shorewall.conf is not managed by this module, rather the default one +that your operatingsystem provides is used, and any modifications you wish to do +to it should be configured with augeas, for example, to set IP_FORWARDING=Yes in +shorewall.conf, simply do this: + + augeas { 'enable_ip_forwarding': + changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING Yes', + lens => 'Shellvars.lns', + incl => '/etc/shorewall/shorewall.conf', + notify => Service[shorewall]; + } + +NOTE: this requires the augeas ruby bindings newer than 0.7.3. + +If you need to, you can provide an entire shorewall.conf by overriding the file +resource, for example: + +class site_shorewall::config inherits shorewall::base { + + File["/etc/shorewall/shorewall.conf"] { + source => "puppet:///modules/site_shorewall/${::fqdn}/shorewall.conf.${::operatingsystem}", + } +} + +NOTE: if you distribute a file, you cannot also use augeas, puppet and augeas +will fight forever. Secondly, you will *need* to make sure that if you are shipping your own +shorewall.conf that you have the following value set in your shorewall.conf otherwise this +module will not work: + + CONFIG_PATH="/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall" + Documentation ------------- |