added $shorewall_startup variable to disable startup, enabled by default

diff --git a/README b/README
index 8f58191513af2dbe86ad0ac149e8a7efb05702fb..a0e54ec817701b494c523c7227f24c923224b2ef 100644 (file)
--- a/README
+++ b/README
@@ -21,6 +21,7 @@ Example
 Example from node.pp:
 
 node xy {
+       $shorewall_startup="0"  # create shorewall ruleset but don't startup
        include config::site-shorewall
        shorewall::rule {
                'incoming-ssh': source => 'all', destination => '$FW',  action  => 'SSH/ACCEPT', order => 200;

diff --git a/manifests/debian.pp b/manifests/debian.pp
index 2583d85e026dc1abc3abf2b6932b14e885314dba..d2ba35dae4f037901e8d29b463348f3e9faeb571 100644 (file)
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -1,6 +1,7 @@
 class shorewall::debian inherits shorewall::base {
     file{'/etc/default/shorewall':
-        source => "puppet://$server/modules/shorewall/debian/default",
+        #source => "puppet://$server/modules/shorewall/debian/default",
+       content => template("shorewall/debian_default.erb"),
         require => Package['shorewall'],
         notify => Service['shorewall'],
         owner => root, group => 0, mode => 0644;

diff --git a/files/debian/default b/templates/debian_default.erb
similarity index 84%
rename from files/debian/default
rename to templates/debian_default.erb
index ba89cdc2b49860637cf79d10338cbffd96570b33..1a76fd67cd2b19e9fd4efc229358a2c38c97b8c3 100644 (file)
--- a/files/debian/default
+++ b/templates/debian_default.erb
@@ -1,7 +1,13 @@
 # prevent startup with default configuration
 # set the following varible to 1 in order to allow Shorewall to start
 
+# This file is brought to you by puppet
+
+<% if (shorewall_startup == "0" ) -%>
+startup=0
+<% else -%>
 startup=1
+<% end -%>
 
 # if your Shorewall configuration requires detection of the ip address of a ppp
 # interface, you must list such interfaces in "wait_interface" to get Shorewall to