Added Shorewall version check, specifically for rules to (not) include a...

Added Shorewall version check, specifically for rules to (not) include a questionmark for sections (Ubuntu 14.04 LTS)

Added Shorewall version check, specifically for rules to (not) include a...
Added Shorewall version check, specifically for rules to (not) include a questionmark for sections (Ubuntu 14.04 LTS)
08c6dada · Mike Green · 2236b091 · 08c6dada · 08c6dada · 08c6dada
Unverified Commit 08c6dada authored Mar 01, 2017 by Mike Green
--- a/tasks/shorewall.yml
+++ b/tasks/shorewall.yml
@@ -3,7 +3,7 @@

 - name: Gather Shorewall configuration variables
  set_fact:
-    shorewall_conf: "{{ shorewall_conf_base|combine(shorewall_conf) }}"
+    shorewall_conf: "{{ shorewall_conf_base|combine(shorewall_conf) }}"   

 - name: Install Shorewall and dependencies
  package:
@@ -16,6 +16,15 @@
    - packages

 - block:
+  - name: Obtain Shorewall version
+    command: shorewall version
+    register: shorewall_version_result
+    changed_when: False
+
+  - name: Convert Shorewall version var
+    set_fact:
+      shorewall_version: "{{ '.'.join( (shorewall_version_result.stdout.split('.') | default([0,0]))[:2] ) }}"
+
  - name: Generate Shorewall configuration files
    template:
      dest: "/etc/shorewall/{{ item }}"

--- a/tasks/shorewall6.yml
+++ b/tasks/shorewall6.yml
@@ -16,6 +16,15 @@
    - packages

 - block:
+  - name: Obtain Shorewall6 version
+    command: shorewall6 version
+    register: shorewall6_version_result
+    changed_when: False
+
+  - name: Convert Shorewall6 version var
+    set_fact:
+      shorewall6_version: "{{ '.'.join( (shorewall6_version_result.stdout.split('.') | default([0,0]))[:2] ) }}"
+
  - name: Generate Shorewall6 configuration files
    template:
      dest: "/etc/shorewall6/{{ item }}"

--- a/templates/shorewall/rules.j2
+++ b/templates/shorewall/rules.j2
@@ -11,7 +11,7 @@
 #                             PORT  PORT(S)  DEST      LIMIT  GROUP

 {% for section in shorewall_rules %}
-?SECTION {{ section.section }}
+{{ '' if (shorewall_version|float < 4.6) else '?' }}SECTION {{ section.section }}
 {% for rule in section.rules %}
 {{ rule.action | default('-') }} {{ rule.source | default('-') }} {{ rule.dest | default('-') }} {{ rule.proto | default('-') }} {{ rule.dest_port | default('-') }} {{ rule.source_port | default('-') }} {{ rule.original_dest | default('-') }} {{ rule.rate_limit | default('-') }} {{ rule.user_group | default('-') }} {{ rule.mark | default('-') }} {{ rule.connlimit | default('-') }} {{ rule.time | default('-') }} {{ rule.headers | default('-') }} {{ rule.switch | default('-') }} {{ rule.helper | default('-') }}
 {% endfor %}

--- a/templates/shorewall6/rules.j2
+++ b/templates/shorewall6/rules.j2
@@ -11,7 +11,7 @@
 #                             PORT  PORT(S)  DEST      LIMIT  GROUP

 {% for section in shorewall6_rules %}
-?SECTION {{ section.section }}
+{{ '' if (shorewall6_version|float < 4.6) else '?' }}SECTION {{ section.section }}
 {% for rule in section.rules %}
 {{ rule.action | default('-') }} {{ rule.source | default('-') }} {{ rule.dest | default('-') }} {{ rule.proto | default('-') }} {{ rule.dest_port | default('-') }} {{ rule.source_port | default('-') }} {{ rule.original_dest | default('-') }} {{ rule.rate_limit | default('-') }} {{ rule.user_group | default('-') }} {{ rule.mark | default('-') }} {{ rule.connlimit | default('-') }} {{ rule.time | default('-') }} {{ rule.headers | default('-') }} {{ rule.switch | default('-') }} {{ rule.helper | default('-') }}
 {% endfor %}