From f71ac318c6866183a879adda1c7ecef007a74924 Mon Sep 17 00:00:00 2001
From: Grant Slater <git@firefishy.com>
Date: Wed, 25 Aug 2021 17:52:40 +0100
Subject: [PATCH] Add shorewall stoppedrules support

---
 cookbooks/networking/recipes/default.rb                   | 8 ++++++++
 .../templates/default/shorewall-stoppedrules.erb          | 2 ++
 2 files changed, 10 insertions(+)
 create mode 100644 cookbooks/networking/templates/default/shorewall-stoppedrules.erb

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 41daefe7e..c76d47e3e 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -443,6 +443,14 @@ template "/etc/shorewall/rules" do
   notifies :restart, "service[shorewall]"
 end
 
+template "/etc/shorewall/stoppedrules" do
+  source "shorewall-stoppedrules.erb"
+  owner "root"
+  group "root"
+  mode "644"
+  notifies :restart, "service[shorewall]"
+end
+
 if node[:networking][:firewall][:enabled]
   service "shorewall" do
     action [:enable, :start]
diff --git a/cookbooks/networking/templates/default/shorewall-stoppedrules.erb b/cookbooks/networking/templates/default/shorewall-stoppedrules.erb
new file mode 100644
index 000000000..276e00a4c
--- /dev/null
+++ b/cookbooks/networking/templates/default/shorewall-stoppedrules.erb
@@ -0,0 +1,2 @@
+ACCEPT	-	-
+ACCEPT	-	$FW
-- 
2.39.5