Merge branch 'feature/Add_support_for_mangle_table' into 'master'

Add support for mangle table.

When using the kernel from Debian Wheezy-backports (3.16.0-0.bpo.4-amd64), we encoutered a bug where shorewall was breaking the libvirt DHCP if restarted after it.

It seems that one has to add a rule in the POSTROUTING chain of the mangle table to --checksum-fill the DHCP packets for them to be properly catch by the VMs DHCP clients.

So we had to add support of the mangle table to the shared puppet module to fix that.

This patch does just that, and is meant to be used by the other branch I'll propose after.

See merge request !1

2 files changed, 21 insertions, 0 deletions

diff --git a/manifests/init.pp b/manifests/init.pp
index cd6488b..a567564 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -68,6 +68,8 @@ class shorewall(
       'tunnel',
       # See http://www.shorewall.net/MultiISP.html
       'rtrules',
+      # See http://www.shorewall.net/manpages/shorewall-mangle.html
+      'mangle',
     ]:;
   }
 }
diff --git a/manifests/mangle.pp b/manifests/mangle.pp
new file mode 100644
index 0000000..e3fd1b3
--- /dev/null
+++ b/manifests/mangle.pp
@@ -0,0 +1,19 @@
+define shorewall::mangle(
+  $source,
+  $destination,
+  $proto           = '-',
+  $destinationport = '-',
+  $sourceport      = '-',
+  $user            = '-',
+  $test            = '-',
+  $length          = '-',
+  $tos             = '-',
+  $connbytes       = '-',
+  $helper          = '-',
+  $headers         = '-',
+  $order           = '100'
+){
+  shorewall::entry{"mangle-${order}-${name}":
+    line => "${name} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${user} ${test} ${length} ${tos} ${connbytes} ${helper} ${headers}"
+  }
+}