modules: shorewall: Small fixups to improve the module

These are some common fixes and improvements for normal shorewall usage.
As we shake out more uses of this, we find small issues. This lets us
have long rules, and a better default config.

modules/shorewall/files/shorewall.conf.tmpl

@@ -189,7 +189,7 @@ IMPLICIT_CONTINUE=No
 
 IPSET_WARNINGS=Yes
 
-IP_FORWARDING=Keep
+IP_FORWARDING=On
 
 KEEP_RT_TABLES=No
 

modules/shorewall/main.mcl

@@ -33,6 +33,20 @@ import "golang"
 import "local"
 import "golang/strings"
 
+
+# Class prepare adds some common things you probably want to run when using this
+# module.
+class prepare() {
+	sysctl "net.ipv4.ip_forward" { # firewalls love this!
+		value => "1",
+	}
+
+	svc "firewalld" { # we don't want this
+		state => "stopped",
+		startup => "disabled",
+	}
+}
+
 # XXX: The templates need a padding function to line up columns.
 class firewall() {
 	pkg "shorewall" {
@@ -302,8 +316,8 @@ class firewall:rule($name, $st) {
 
 	$rule = $st->rule || "" # entire rule contents OR use the below values
 
-	$action = $st->action # REJECT or SSH(ACCEPT) or Ping(DROP)
-	$source = $st->source # source zone
+	$action = $st->action || "" # REJECT or SSH(ACCEPT) or Ping(DROP)
+	$source = $st->source || "" # source zone
 	$source_ips []str = $st->source_ips || []
 	$dest = $st->dest || "" # dest zone
 	$dest_ips []str = $st->dest_ips || []