-unless node.interfaces(:family => :inet6).empty?
- package "shorewall6"
-
- template "/etc/default/shorewall6" do
- source "shorewall-default.erb"
- owner "root"
- group "root"
- mode "644"
- notifies :restart, "service[shorewall6]"
- end
-
- template "/etc/shorewall6/shorewall6.conf" do
- source "shorewall6.conf.erb"
- owner "root"
- group "root"
- mode "644"
- notifies :restart, "service[shorewall6]"
- end
-
- template "/etc/shorewall6/zones" do
- source "shorewall-zones.erb"
- owner "root"
- group "root"
- mode "644"
- variables :type => "ipv6"
- notifies :restart, "service[shorewall6]"
- end
-
- template "/etc/shorewall6/interfaces" do
- source "shorewall6-interfaces.erb"
- owner "root"
- group "root"
- mode "644"
- notifies :restart, "service[shorewall6]"
- end
-
- template "/etc/shorewall6/hosts" do
- source "shorewall6-hosts.erb"
- owner "root"
- group "root"
- mode "644"
- variables :zones => zones
- notifies :restart, "service[shorewall6]"
- end
-
- template "/etc/shorewall6/conntrack" do
- source "shorewall-conntrack.erb"
- owner "root"
- group "root"
- mode "644"
- notifies :restart, "service[shorewall6]"
- only_if { node[:networking][:firewall][:raw] }
- end
-
- template "/etc/shorewall6/policy" do
- source "shorewall-policy.erb"
- owner "root"
- group "root"
- mode "644"
- notifies :restart, "service[shorewall6]"
- end
-
- template "/etc/shorewall6/rules" do
- action :nothing
- source "shorewall-rules.erb"
- owner "root"
- group "root"
- mode "644"
- variables :family => "inet6"
- notifies :restart, "service[shorewall6]"
- end
-
- notify_group "shorewall6-rules" do
- action :run
- notifies :create, "template[/etc/shorewall6/rules]"
- end
-
- service "shorewall6" do
- action [:enable, :start]
- supports :restart => true
- status_command "shorewall6 status"
- end
-
- template "/etc/logrotate.d/shorewall6" do
- source "logrotate.shorewall.erb"
- owner "root"
- group "root"
- mode "644"
- variables :name => "shorewall6"
- end
-
- firewall_rule "limit-icmp6-echo" do