From 7503162cc491c367b523c20ebde6366deaa486b9 Mon Sep 17 00:00:00 2001
From: Clark Boylan
Date: Thu, 27 Aug 2015 14:28:02 -0700
Subject: [PATCH] Disable firewalld on centos7 and greater

Firewalld is enabled by default on centos7. Unfortunately iptables-service and firewalld appear to confuse each other resulting in no firewall rules at all. Fix this by disabling firewalld allowing iptables-service to be in charge and apply the rules it has configured.

Change-Id: I0089502b134c91ef2e8d11cef1e016ce314ecf96
---
 manifests/init.pp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/manifests/init.pp b/manifests/init.pp
index 81f4a1f..01de6b7 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -39,6 +39,17 @@ class iptables(
 enable => true,
 }
 $notify_iptables = Service['iptables']
+
+ # On centos 7 firewalld and iptables-service confuse each other and you
+ # end up with no firewall rules at all. Disable firewalld so that
+ # iptables-service can be in charge.
+ if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') {
+ service { 'firewalld':
+ ensure => 'stopped',
+ enable => false,
+ before => Package['iptables'],
+ }
+ }
 }

 file { $::iptables::params::rules_dir:
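Review bot: The release test `$::operatingsystemmajrelease >= '7'` compares two strings, and on parsers that compare strings lexically (Puppet 4 and later, as far as I know) `'10' >= '7'` is false, so a two-digit major release would keep firewalld running and fall back into the no-rules state this commit is meant to prevent. Use `if ($::osfamily == 'RedHat' and versioncmp($::operatingsystemmajrelease, '7') >= 0) {` so the comparison is by version on every parser. The new resource only orders itself `before => Package['iptables']`; if stopping firewalld clears the live rule set on a host where the iptables service is already running, nothing here reloads the rules, so consider adding `notify => Service['iptables']` (that resource is referenced just above the added lines). The enclosing conditional and the class header start outside the hunk, so which platforms reach this branch cannot be confirmed from here.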