@@ -110,7 +110,11 @@ Specify exceptions to policies, including DNAT and REDIRECT in the `/etc/shorewa
***WARNING***: Please be sure to include a rule for SSH on the correct port, to avoid locking Ansible - and yourself - out from the remote host.
#### Example
#### Using the `when` conditional
An option specific to this role variable. and not part of Shorewall, is the `when` conditional. This allows a rule to be included only if the condition evaluates to True.
Define Masquerade/SNAT in the `/etc/shorewall/masq` file. See the Shorewall [masq man page](http://shorewall.org/manpages/shorewall-masq.html) for more details.
...
...
@@ -145,7 +169,8 @@ Assign any shell variables that you need in the `/etc/shorewall/params` file. Se
### Master Branch
**Changed:* The generated `shorewall_rules` now take into account the `?` prefix that was introduced at Shorewall version 4.6, and therefore will omit it if the installed Shorewall version is older.
- Added: The `shorewall_rules` has an added option `when` for each rule, which acts similar to Ansible's `when` statement and allows rules to be conditional.
-*Changed:* The generated `shorewall_rules` will now take into account the `?` prefix in sections (i.e. `?ESTABLISHED`), which was introduced at Shorewall version 4.6. If the Shorewall version installed is older than 4.6, this prefix will be omitted to avoid errors.