iptables on fedora

The systemd version of iptables requires the 'iptables-services' package
for having the `regular` iptables rule restore on service startup.

The service also needs to be enabled explicitly.

Another iptables related issue with multinode_setup.sh,
tries to executes the iptables command without login shell.

The non-login shell does not contains /usr/sbin in PATH,
so multinode_setup.sh changed to use login shell defaults.

Warning: This change enables the iptables service on all
distribution.

Change-Id: I3174e43b3b19e28073a4364dd0f66fc39b0fa815
This commit is contained in:
Attila Fazekas 2014-07-11 17:24:43 +02:00
parent 6ca8392c27
commit 1938c72b93
2 changed files with 25 additions and 2 deletions

View File

@ -36,6 +36,7 @@ class iptables(
hasstatus => $::iptables::params::service_has_status,
status => $::iptables::params::service_status_cmd,
hasrestart => $::iptables::params::service_has_restart,
enable => true,
}
$notify_iptables = Service['iptables']
}

View File

@ -5,14 +5,36 @@
class iptables::params {
case $::osfamily {
'RedHat': {
$package_name = 'iptables'
case $::operatingsystem {
'Fedora': {
$package_name = 'iptables-services'
$service_has_restart = true
}
'RedHat','CentOS','Scientific': {
case $::operatingsystemrelease {
/^7/: {
$package_name = 'iptables-services'
$service_has_restart = true
}
/^6/: {
$package_name = 'iptables'
$service_has_restart = false
}
default: {
fail("Unsupported operatingsystemrelease: ${::operatingsystemrelease} The 'iptables' module recognize only 6, 7 as RedHat major versions.")
}
}
}
default: {
fail("Unsupported operatingsystem: ${::operatingsystem} The 'iptables' module with RedHat osfamily.")
}
}
$service_name = 'iptables'
$rules_dir = '/etc/sysconfig'
$ipv4_rules = '/etc/sysconfig/iptables'
$ipv6_rules = '/etc/sysconfig/ip6tables'
$service_has_status = true
$service_status_cmd = undef
$service_has_restart = false
}
'Debian': {
$package_name = 'iptables-persistent'