From: Grant Slater <git@firefishy.com>
Date: Wed, 25 Aug 2021 16:52:40 +0000 (+0100)
Subject: Add shorewall stoppedrules support
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/f71ac318c6866183a879adda1c7ecef007a74924

Add shorewall stoppedrules support
---

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 41daefe7e..c76d47e3e 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -443,6 +443,14 @@ template "/etc/shorewall/rules" do
   notifies :restart, "service[shorewall]"
 end
 
+template "/etc/shorewall/stoppedrules" do
+  source "shorewall-stoppedrules.erb"
+  owner "root"
+  group "root"
+  mode "644"
+  notifies :restart, "service[shorewall]"
+end
+
 if node[:networking][:firewall][:enabled]
   service "shorewall" do
     action [:enable, :start]
diff --git a/cookbooks/networking/templates/default/shorewall-stoppedrules.erb b/cookbooks/networking/templates/default/shorewall-stoppedrules.erb
new file mode 100644
index 000000000..276e00a4c
--- /dev/null
+++ b/cookbooks/networking/templates/default/shorewall-stoppedrules.erb
@@ -0,0 +1,2 @@
+ACCEPT	-	-
+ACCEPT	-	$FW