From 77ef3216c06b3c501dd63a8df9a7e5561ffc7992 Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 20 Nov 2015 23:01:37 +0100
Subject: check shorewall daily on problems to alert if a rule won't compile
---
 manifests/base.pp | 24 ++++++++++++++++++++++++
 manifests/init.pp | 1 +
 2 files changed, 25 insertions(+)
diff --git a/manifests/base.pp b/manifests/base.pp
index 41348ef..0cf3dc6 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -50,4 +50,28 @@ class shorewall::base {
 hasrestart => true,
 require => Package['shorewall'],
 }
+
+ file{'/etc/cron.daily/shorewall_check':}
+ if $shorewall::daily_check {
+ File['/etc/cron.daily/shorewall_check']{
+ content => '#!/bin/bash
+
+output=$(shorewall check 2>&1)
+if [ $? -gt 0 ]; then
+ echo "Error while checking firewall!"
+ echo $output
+ exit 1
+fi
+exit 0
+',
+ owner => root,
+ group => 0,
+ mode => '0700',
+ require => Service['shorewall'],
+ }
+ } else {
+ File['/etc/cron.daily/shorewall_check']{
+ ensure => absent,
+ }
+ }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index cfca3c3..27f9c4c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -45,6 +45,7 @@ class shorewall(
 $tunnels_defaults = {},
 $rtrules = {},
 $rtrules_defaults = {},
+ $daily_check = true,
 ) {
 case $::operatingsystem {
-- 
cgit v1.2.3
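Review bot: In the cron script embedded in `content` (manifests/base.pp), `echo $output` is unquoted, so the shell word-splits and glob-expands whatever `shorewall check` printed. The multi-line compiler output is flattened onto one line, and any `*` or `?` in it can be replaced by file names from the job's working directory, which makes the alert harder to read exactly when a rule fails to compile. Quote the expansion, e.g. `echo "$output"` or `printf '%s\n' "$output"`; the double quotes are safe inside the single-quoted Puppet string. The script also calls `shorewall` by bare name and reports only through cron's stdout, so it presumably relies on cron's PATH containing the sbin directories and on root's cron mail being delivered. A short comment next to `$daily_check` in manifests/init.pp stating that dependency would help operators who enable it by default.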