From 1938c72b93d75199720b051f663c4695c9973a0d Mon Sep 17 00:00:00 2001
From: Attila Fazekas
Date: Fri, 11 Jul 2014 17:24:43 +0200
Subject: [PATCH] iptables on fedora The systemd version of iptables requires the 'iptables-services' package for having the `regular` iptables rule restore on service startup. The service also needs to be enabled explicitly. Another iptables related issue with multinode_setup.sh, tries to executes the iptables command without login shell. The non-login shell does not contains /usr/sbin in PATH, so multinode_setup.sh changed to use login shell defaults. Warning: This change enables the iptables service on all distribution. Change-Id: I3174e43b3b19e28073a4364dd0f66fc39b0fa815
---
 manifests/init.pp | 1 +
 manifests/params.pp | 26 ++++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 576ce16..b6448a6 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -36,6 +36,7 @@ class iptables(
 hasstatus => $::iptables::params::service_has_status,
 status => $::iptables::params::service_status_cmd,
 hasrestart => $::iptables::params::service_has_restart,
+ enable => true,
 }
 $notify_iptables = Service['iptables']
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index b825177..6c9f308 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -5,14 +5,36 @@
 class iptables::params {
 case $::osfamily {
 'RedHat': {
- $package_name = 'iptables'
+ case $::operatingsystem {
+ 'Fedora': {
+ $package_name = 'iptables-services'
+ $service_has_restart = true
+ }
+ 'RedHat','CentOS','Scientific': {
+ case $::operatingsystemrelease {
+ /^7/: {
+ $package_name = 'iptables-services'
+ $service_has_restart = true
+ }
+ /^6/: {
+ $package_name = 'iptables'
+ $service_has_restart = false
+ }
+ default: {
+ fail("Unsupported operatingsystemrelease: ${::operatingsystemrelease} The 'iptables' module recognize only 6, 7 as RedHat major versions.")
+ }
+ }
+ }
+ default: {
+ fail("Unsupported operatingsystem: ${::operatingsystem} The 'iptables' module with RedHat osfamily.")
+ }
+ }
 $service_name = 'iptables'
 $rules_dir = '/etc/sysconfig'
 $ipv4_rules = '/etc/sysconfig/iptables'
 $ipv6_rules = '/etc/sysconfig/ip6tables'
 $service_has_status = true
 $service_status_cmd = undef
- $service_has_restart = false
 }
 'Debian': {
 $package_name = 'iptables-persistent'
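Review bot: The `default:` branch of the new `$::operatingsystem` case turns every RedHat-family system other than Fedora, RedHat, CentOS and Scientific into a `fail()`, whereas the removed code gave all of them `$package_name = 'iptables'`; a host whose fact reports, for example, OracleLinux would stop compiling a catalog and its firewall rules would no longer be managed. If that is not intended, the default could keep the previous values, `$package_name = 'iptables'` and `$service_has_restart = false`, rather than failing. The release patterns `/^7/` and `/^6/` are prefix matches, so a release string such as `60` would be treated as 6; `/^7(\.|$)/` and `/^6(\.|$)/` are tighter. Fedora and EL7 normally ship firewalld as the default firewall service and nothing visible here disables it, so it is worth confirming that `enable => true` in init.pp does not leave two services competing for the ruleset at boot. The hunk ends inside the `'Debian'` branch, so the rest of the class is not visible here.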