check shorewall daily on problems to alert if a rule won't compile

diff --git a/manifests/base.pp b/manifests/base.pp
index 41348ef366a03be5320e6167d23644b75cf941f6..0cf3dc6fd0208e025afcb5750dbf9b8ce410c981 100644 (file)
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -50,4 +50,28 @@ class shorewall::base {
     hasrestart => true,
     require    => Package['shorewall'],
   }
+
+  file{'/etc/cron.daily/shorewall_check':}
+  if $shorewall::daily_check {
+    File['/etc/cron.daily/shorewall_check']{
+      content => '#!/bin/bash
+
+output=$(shorewall check 2>&1)
+if [ $? -gt 0 ]; then
+  echo "Error while checking firewall!"
+  echo $output
+  exit 1
+fi
+exit 0
+',
+      owner   => root,
+      group   => 0,
+      mode    => '0700',
+      require => Service['shorewall'],
+    }
+  } else {
+    File['/etc/cron.daily/shorewall_check']{
+      ensure => absent,
+    }
+  }
 }

diff --git a/manifests/init.pp b/manifests/init.pp
index cfca3c3429632aead5299319ffc69873a99c482d..27f9c4c2a45249108d54be8f3018810bb96648ac 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -45,6 +45,7 @@ class shorewall(
   $tunnels_defaults           = {},
   $rtrules                    = {},
   $rtrules_defaults           = {},
+  $daily_check                = true,
 ) {
 
   case $::operatingsystem {