Added CentOS7 as possible OS and added possibility to add comments to rules file

defaults/main.yml

@@ -130,6 +130,7 @@ shorewall_rules:
           - 22
           - 80
           - 443
+        comments: "this rule is for ssh, http and https traffic"
       - source: net
         dest: $FW
         action: ACCEPT

handlers/main.yml

@@ -13,3 +13,10 @@
     name: shorewall
     state: restarted
   become: true
+  notify: restart docker daemon required
+
+# WORKAROUND: When (re)starting shorewall, the DOCKER related chains are corrupted. Set this flag here, and check in
+#             the dh.docker role to actually restart the daemon
+- name: restart docker daemon required
+  set_fact:
+    restart_docker_daemon_required: true

tasks/main.yml

@@ -2,8 +2,11 @@
 # tasks file for ansible-shorewall
 - include_tasks: set_facts.yml
 
-- include: debian.yml
+- include_tasks: debian.yml
   when: ansible_os_family == "Debian"
 
+- include_tasks: redhat.yml
+  when: ansible_os_family == "RedHat"
+
 - include: config_shorewall.yml
   when: shorewall_config|bool

tasks/redhat.yml

@@ -0,0 +1,6 @@
+---
+- name: RedHat | Installing Shorewall
+  yum:
+    name: shorewall
+    state: present
+  become: true

tasks/set_facts.yml

@@ -3,32 +3,34 @@
   set_fact:
     shorewall_version: 4
   when: >
-    ansible_distribution == "Debian" and
-    ansible_distribution_version|int < 9
+    ansible_distribution == "Debian" and ansible_distribution_version|int < 9
 
 - name: set_facts | Setting Shorewall Version
   set_fact:
     shorewall_version: 5
   when: >
-    (ansible_distribution == 'Debian' and
-    ansible_distribution_version|int >= 9) or
-    (ansible_distribution == 'Ubuntu' and
-    ansible_distribution_version >= '16.04')
+    (ansible_distribution == 'Debian' and ansible_distribution_version|int >= 9) or
+    (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '16.04') or
+    (ansible_distribution == 'CentOS' and ansible_distribution_version >= '7.0')
 
 - name: set_facts | Setting Shorewall Default Actions/Macros
   set_fact:
     shorewall_default_actions_macros: legacy
   when: >
-    (ansible_distribution == 'Debian' and
-    ansible_distribution_version|int < 10) or
-    (ansible_distribution == 'Ubuntu' and
-    ansible_distribution_version <= '18.04')
+    (ansible_distribution == 'Debian' and ansible_distribution_version|int < 10) or
+    (ansible_distribution == 'Ubuntu' and ansible_distribution_version < '18.04')
 
 - name: set_facts | Setting Shorewall Default Actions/Macros
   set_fact:
     shorewall_default_actions_macros: new
   when: >
-    (ansible_distribution == 'Debian' and
-    ansible_distribution_version|int > 9) or
-    (ansible_distribution == 'Ubuntu' and
-    ansible_distribution_version > '18.04')
+    (ansible_distribution == 'Debian' and ansible_distribution_version|int > 9) or
+    (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '18.04') or
+    (ansible_distribution == 'CentOS' and ansible_distribution_version >= '7.0')
+
+- name: get docker network id
+  shell: "docker network ls | grep {{ env }}_default | awk '{ print $1 }'"
+  register: docker_netw
+  changed_when: false
+  failed_when: false
+

templates/etc/shorewall/rules.j2

@@ -3,7 +3,8 @@
 ?SECTION {{ item.section }}
 {%   if item.rules is defined %}
 {%     for rule in item.rules %}
-{{ rule.action }}   {{ rule.source }}   {{ rule.dest }}   {{ rule.proto }}   {{ rule.dest_ports|join (',') }}
+{{ rule.action }}   {{ rule.source }}   {{ rule.dest }}   {{ rule.proto }}   {{ rule.dest_ports|join (',') }}    {% if rule.comments is defined %}# {{ rule.comments }} {% endif %}
+
 {%     endfor %}
 {% endif %}
 {% endfor %}