*masq-source address wurde von "name" genomme: absolut verwirrend... korrektur: neue...

*richtige anwendung von SECTION am anfang von rule

git-svn-id: https://svn/ipuppet/trunk/modules/shorewall@118 d66ca3ae-40d7-4aa7-90d4-87d79ca94279

diff --git a/files/boilerplate/rules.header b/files/boilerplate/rules.header
index e6b19738dceea6eaa9c959e47222b678e2985af9..7079719ccd8aaaa2e7b37e5e47fcbe98ef5fe89a 100644 (file)
--- a/files/boilerplate/rules.header
+++ b/files/boilerplate/rules.header
@@ -8,4 +8,4 @@
 #############################################################################################################
 #ACTION SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK
 #                                               PORT    PORT(S)         DEST            LIMIT           GROUP
-SECTION NEW
+#SECTION NEW

diff --git a/manifests/init.pp b/manifests/init.pp
index 5cb3c5efaceeb688ff17e5fea6bb4bc492f87a91..128e3300291439449b0e703cd7a88cecff2a4414 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -140,9 +140,11 @@ class shorewall {
        # See http://www.shorewall.net/3.0/Documentation.htm#Masq
        managed_file{ masq: }
        # mark is new in 3.4.4
-       define masq($interface, $address, $proto = '-', $port = '-', $ipsec = '-', $mark = '') {
-               entry { "masq.d/${name}":
-                       line => "${interface} ${name} ${address} ${proto} ${port} ${ipsec} ${mark}"
+       # source (= subnet) = Set of hosts that you wish to masquerade.
+       # address = If  you  specify  an  address here, SNAT will be used and this will be the source address.
+       define masq($interface, $source, $address = '-', $proto = '-', $port = '-', $ipsec = '-', $mark = '', $order='100' ) {
+               entry { "masq.d/${order}-${name}":
+                       line => "${interface} ${source} ${address} ${proto} ${port} ${ipsec} ${mark}"
                }
        }