Support Shorewall V5

[hwhesselink]

PR progress checklist (to be filled in by reviewers)

• [ ] Changes to documentation are appropriate (or tick if not required)
• [ ] Changes to tests are appropriate (or tick if not required)
• [ ] Reviews completed

---

What type of PR is this?

Primary type

• [ ] [build] Changes related to the build system
• [ ] [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
• [ ] [ci] Changes to the continuous integration configuration
• [x] [feat] A new feature
• [x] [fix] A bug fix
• [ ] [perf] A code change that improves performance
• [ ] [refactor] A code change that neither fixes a bug nor adds a feature
• [ ] [revert] A change used to revert a previous commit
• [ ] [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

• [ ] [docs] Documentation changes
• [ ] [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No.

Related issues and/or pull requests

Describe the changes you're proposing

Update the formula to handle version 5:

• fix pillar bug (has 2x tcrules section, first one should be mangle)
• add examples in pillar for new and renamed v5 files
• improved IPv6 handling
• only process files relevant for the version (e.g. don't generate masq file for v5)

Pillar / config required to test the proposed changes

Debug log showing how the proposed changes work

Documentation checklist

• [ ] Updated the README (e.g. Available states).
• [x] Updated pillar.example.

Testing checklist

• [ ] Included in Kitchen (i.e. under state_top).
• [ ] Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
• [ ] Updated the relevant test pillar.

Additional context

[pull-assistant[bot]]

Best reviewed: commit by commit

---

Optimal code review plan (2 commits squashed)

     update for Shorewall version 5.x      drop unsupported routestopped, tcrules in >= 5.0

delete options not s... ... use macro for cleane...

> Squashed 2 commits: > - delete options not supported in ipv6 > - use macro for cleaner version of previous delta

     undo overeager part of merge from all_patches      Merge pull request #11 from hwhesselink/python3      Merge branch 'ap' into v5      default to '-' for all unset fields      Merge remote-tracking branch 'upstream/master' into v5

Powered by Pull Assistant. Last update 8acb4cc ... 557287b. Read the comment docs.

[myii]

Thanks for the PR, @hwhesselink -- apologies for the delayed response. Let see if we can get any reviews from previous contributors.

@n-rodriguez You've contributed to this formula before, would you be able to have a quick look at this PR to see all is OK?

If not, perhaps we can find some other method to ensure this formula is maintained.

[n-rodriguez]

@myii sorry for the delayed answer. Actually I don't use shorewall anymore (I use ufw) so I'm not sure I'm the right person to review this PR. Maybe @daks still using it?

[daks]

Nope, I don't use it anymore, using straight iptables now.

[myii]

@hwhesselink Do you have a plan for further PRs? If so, I might consider adding all of the standardised structure and CI to make things easier to review, etc. Otherwise, perhaps we can just merge this as-is.

[hwhesselink]

@myii The core Shorewall developer stepped down last year https://sourceforge.net/p/shorewall/mailman/message/36589783/ and it appears to be in maintenance mode, so I doubt I'll be submitting further (major) PRs. Given that the kernel seems to be moving away from iptables I don't expect anyone else to pick up development. So maybe just merge as-is and I'll fix issues if they arise.

[myii]

@hwhesselink Thanks for the patience -- merged. Thanks to all others for their feedback, as well.