This allows us to avoid deferring the creation of the shorewall
configuration and hence prevent it restarting with a partial set
of rules when something else fails.
end
template "/etc/shorewall/rules" do
end
template "/etc/shorewall/rules" do
source "shorewall-rules.erb"
owner "root"
group "root"
source "shorewall-rules.erb"
owner "root"
group "root"
notifies :restart, "service[shorewall]"
end
notifies :restart, "service[shorewall]"
end
-notify_group "shorewall-rules" do
- action :run
- notifies :create, "template[/etc/shorewall/rules]"
-end
-
if node[:networking][:firewall][:enabled]
service "shorewall" do
action [:enable, :start]
if node[:networking][:firewall][:enabled]
service "shorewall" do
action [:enable, :start]
end
template "/etc/shorewall6/rules" do
end
template "/etc/shorewall6/rules" do
source "shorewall-rules.erb"
owner "root"
group "root"
source "shorewall-rules.erb"
owner "root"
group "root"
notifies :restart, "service[shorewall6]"
end
notifies :restart, "service[shorewall6]"
end
- notify_group "shorewall6-rules" do
- action :run
- notifies :create, "template[/etc/shorewall6/rules]"
- end
-
if node[:networking][:firewall][:enabled]
service "shorewall6" do
action [:enable, :start]
if node[:networking][:firewall][:enabled]
service "shorewall6" do
action [:enable, :start]
property :connection_limit, :kind_of => [String, Integer], :default => "-"
property :helper, :kind_of => String, :default => "-"
property :connection_limit, :kind_of => [String, Integer], :default => "-"
property :helper, :kind_of => String, :default => "-"
+property :compile_time, TrueClass, :default => true
+
action :accept do
add_rule :accept
end
action :accept do
add_rule :accept
end