2f07b9f5c2
v1.0.2 48bb506853b3364969a6148e26861302872d1c31 Closes-bug: #1318613 Change-Id: I8f691ef7f46682d00760fcb66b0b7bf673efae0b Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
# = Class: firewall::linux::debian
#
# Installs the `iptables-persistent` package on Debian-alike systems so that
# firewall rules can be stored to file and restored on boot, and arranges for
# the package's init script to be enabled.
#
# == Parameters:
#
# [*ensure*]
#   Declared as the ensure value for the Service[] resource, but not
#   referenced in this class: the service below is managed with
#   `ensure => undef`.
#   Default: running
#
# [*enable*]
#   Enable parameter passed onto the Service[] resource. It must also be
#   `true` for the 6.x update-rc.d workaround below to be selected.
#   Default: true
#
class firewall::linux::debian (
  $ensure = running,
  $enable = true
) {

  # Both branches below require this package, so it is declared first.
  package { 'iptables-persistent':
    ensure => present,
  }

  # Workaround branch: release 6.x, boot-time loading requested, and an
  # iptables-persistent version older than 0.5.0.
  # NOTE(review): $::iptables_persistent_version is a top-scope variable
  # (presumably a fact); confirm how versioncmp() behaves when it is unset,
  # e.g. on a first run before the package is installed.
  if (
    $::operatingsystemrelease =~ /^6\./
    and $enable == true
    and versioncmp($::iptables_persistent_version, '0.5.0') < 0
  ) {
    # The LSB headers shipped with iptables-persistent on 6.x are buggy;
    # enabling the script through update-rc.d keeps the run idempotent.
    # NOTE(review): the `unless` guard depends on the `S*` glob being
    # expanded. Verify that the exec provider in use expands it; otherwise
    # the guard never matches and the command reruns on every catalog
    # application.
    exec { 'iptables-persistent-enable':
      command   => '/usr/sbin/update-rc.d iptables-persistent enable',
      unless    => '/usr/bin/test -f /etc/rcS.d/S*iptables-persistent',
      require   => Package['iptables-persistent'],
      logoutput => on_failure,
    }
  } else {
    # iptables-persistent is not a real service/daemon: its start action
    # only loads the saved rules, so it just has to be called at boot.
    # `ensure` is therefore left undef and only `enable` is managed.
    # NOTE(review): with `enable => false` nothing calls the start action at
    # boot, so the saved ruleset is presumably not restored after a reboot.
    # Confirm that is intended wherever this class is declared that way.
    service { 'iptables-persistent':
      enable    => $enable,
      ensure    => undef,
      hasstatus => true,
      require   => Package['iptables-persistent'],
    }
  }
}