opendev/puppet-iptables
Code Issues Proposed changes

Disable firewalld on centos7 and greater

Browse Source 
Firewalld is enabled by default on centos7. Unfortunately
iptables-service and firewalld appear to confuse each other resulting in
no firewall rules at all. Fix this by disabling firewalld allowing
iptables-service to be in charge and apply the rules it has configured.

Change-Id: I0089502b134c91ef2e8d11cef1e016ce314ecf96
This commit is contained in:
Clark Boylan
2015-08-27 14:28:02 -07:00
parent a2d7123013
commit 7503162cc4
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
manifests/init.pp
View File

@@ -39,6 +39,17 @@ class iptables(
enable => true, enable => true,
} }
$notify_iptables = Service['iptables'] $notify_iptables = Service['iptables']
# On centos 7 firewalld and iptables-service confuse each other and you
# end up with no firewall rules at all. Disable firewalld so that
# iptables-service can be in charge.
if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') {
service { 'firewalld':
ensure => 'stopped',
enable => false,
before => Package['iptables'],
}
}
} }
file { $::iptables::params::rules_dir: file { $::iptables::params::rules_dir: