iptables on fedora

The systemd version of iptables requires the 'iptables-services' package for having the `regular` iptables rule restore on service startup. The service also needs to be enabled explicitly. Another iptables related issue with multinode_setup.sh, tries to executes the iptables command without login shell. The non-login shell does not contains /usr/sbin in PATH, so multinode_setup.sh changed to use login shell defaults. Warning: This change enables the iptables service on all distribution. Change-Id: I3174e43b3b19e28073a4364dd0f66fc39b0fa815
2014-07-11 17:24:43 +02:00 · 2014-07-11 17:24:43 +02:00 · 1938c72b93
commit 1938c72b93
parent 6ca8392c27
2 changed files with 25 additions and 2 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -36,6 +36,7 @@ class iptables(
      hasstatus  => $::iptables::params::service_has_status,
      status     => $::iptables::params::service_status_cmd,
      hasrestart => $::iptables::params::service_has_restart,
+      enable     => true,
    }
    $notify_iptables = Service['iptables']
  }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -5,14 +5,36 @@
 class iptables::params {
  case $::osfamily {
    'RedHat': {
-      $package_name = 'iptables'
+      case $::operatingsystem {
+        'Fedora': {
+          $package_name = 'iptables-services'
+          $service_has_restart = true
+        }
+        'RedHat','CentOS','Scientific': {
+            case $::operatingsystemrelease {
+              /^7/: {
+                $package_name = 'iptables-services'
+                $service_has_restart = true
+              }
+              /^6/: {
+                $package_name = 'iptables'
+                $service_has_restart = false
+              }
+              default: {
+                fail("Unsupported operatingsystemrelease: ${::operatingsystemrelease} The 'iptables' module recognize only 6, 7 as RedHat major versions.")
+              }
+          }
+        }
+        default: {
+          fail("Unsupported operatingsystem: ${::operatingsystem} The 'iptables' module with RedHat osfamily.")
+        }
+      }
      $service_name = 'iptables'
      $rules_dir = '/etc/sysconfig'
      $ipv4_rules = '/etc/sysconfig/iptables'
      $ipv6_rules = '/etc/sysconfig/ip6tables'
      $service_has_status = true
      $service_status_cmd = undef
-      $service_has_restart = false
    }
    'Debian': {
      $package_name = 'iptables-persistent'