$ensure = running,
$ensure_v6 = undef,
$pkg_ensure = present,
- $service_name = $::firewall::params::service_name,
- $service_name_v6 = $::firewall::params::service_name_v6,
- $package_name = $::firewall::params::package_name,
+ $service_name = $firewall::params::service_name,
+ $service_name_v6 = $firewall::params::service_name_v6,
+ $package_name = $firewall::params::package_name,
$ebtables_manage = false,
) inherits ::firewall::params {
$_ensure_v6 = pick($ensure_v6, $ensure)
$ensure = running,
$ensure_v6 = undef,
$pkg_ensure = present,
- $service_name = $::firewall::params::service_name,
- $service_name_v6 = $::firewall::params::service_name_v6,
- $package_name = $::firewall::params::package_name,
+ $service_name = $firewall::params::service_name,
+ $service_name_v6 = $firewall::params::service_name_v6,
+ $package_name = $firewall::params::package_name,
$ebtables_manage = false,
) inherits ::firewall::params {
$enable = $ensure ? {
$_ensure_v6 = pick($ensure_v6, $ensure)
$_enable_v6 = $_ensure_v6 ? {
- running => true,
- stopped => false,
+ 'running' => true,
+ 'stopped' => false,
}
package { 'iptables':
class firewall::linux::archlinux (
$ensure = 'running',
$enable = true,
- $service_name = $::firewall::params::service_name,
- $package_name = $::firewall::params::package_name,
- $package_ensure = $::firewall::params::package_ensure,
+ $service_name = $firewall::params::service_name,
+ $package_name = $firewall::params::package_name,
+ $package_ensure = $firewall::params::package_ensure,
) inherits ::firewall::params {
if $package_name {
package { $package_name:
}
file { '/etc/iptables/iptables.rules':
- ensure => present,
+ ensure => file,
before => Service[$service_name],
}
file { '/etc/iptables/ip6tables.rules':
- ensure => present,
+ ensure => file,
before => Service[$service_name],
}
}
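Review bot: Both rules files in this hunk, `/etc/iptables/iptables.rules` and `/etc/iptables/ip6tables.rules`, are declared without `owner`, `group` or `mode`, so the ruleset's permissions are left to whatever is already on disk or to the agent's defaults on creation. The redhat class in this same change pins its sysconfig files to root/root `0600`; unless something on Arch needs non-root read access, I would add `owner => 'root', group => 'root', mode => '0600',` to each resource. The gentoo hunk (`/var/lib/iptables/rules-save` and `rules-save6`) has the same gap. Separately, `ensure => file` is stricter than `present`: a path that is currently a symlink would, as far as I can tell, be replaced by an empty regular file, so it is worth confirming that no supported host links these paths elsewhere.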
class firewall::linux::debian (
$ensure = running,
$enable = true,
- $service_name = $::firewall::params::service_name,
- $package_name = $::firewall::params::package_name,
- $package_ensure = $::firewall::params::package_ensure,
+ $service_name = $firewall::params::service_name,
+ $package_name = $firewall::params::package_name,
+ $package_ensure = $firewall::params::package_ensure,
) inherits ::firewall::params {
-
if $package_name {
#Fixes hang while installing iptables-persistent on debian 8
- exec {'iptables-persistent-debconf':
- command => "/bin/echo \"${package_name} ${package_name}/autosave_v4 boolean false\" |
+ exec { 'iptables-persistent-debconf':
+ command => "/bin/echo \"${package_name} ${package_name}/autosave_v4 boolean false\" |
/usr/bin/debconf-set-selections && /bin/echo \"${package_name} ${package_name}/autosave_v6 boolean false\" |
/usr/bin/debconf-set-selections",
- refreshonly => true,
+ refreshonly => true,
}
ensure_packages([$package_name],{
- ensure => $package_ensure,
- require => Exec['iptables-persistent-debconf']
+ ensure => $package_ensure,
+ require => Exec['iptables-persistent-debconf']
})
}
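Review bot: The `iptables-persistent-debconf` exec builds a shell pipeline by interpolating `${package_name}` four times, and the class parameter it comes from is untyped, so a quote or shell metacharacter in that value changes the command the agent runs (normally as root). Constraining the parameter at the class boundary would close that, for example `Optional[Pattern[/\A[a-z0-9][a-z0-9+.-]+\z/]] $package_name = $firewall::params::package_name,`, assuming only a single package name is ever passed here. The command also depends on `|` and `&&` being interpreted by a shell while no `provider` is set in the visible lines; stating `provider => shell,` would make that dependency explicit. The parameter lists of the other classes in this change are equally untyped, and the class body continues outside this hunk.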
class firewall::linux::gentoo (
$ensure = 'running',
$enable = true,
- $service_name = $::firewall::params::service_name,
- $package_name = $::firewall::params::package_name,
- $package_ensure = $::firewall::params::package_ensure,
+ $service_name = $firewall::params::service_name,
+ $package_name = $firewall::params::package_name,
+ $package_ensure = $firewall::params::package_ensure,
) inherits ::firewall::params {
if $package_name {
package { $package_name:
}
file { '/var/lib/iptables/rules-save':
- ensure => present,
+ ensure => file,
before => Service[$service_name],
}
file { '/var/lib/iptables/rules-save6':
- ensure => present,
+ ensure => file,
before => Service[$service_name],
}
}
# Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'. Defaults to 'latest'.
#
# @param sysconfig_manage
-# Enable sysconfig configuration for iptables/ip6tables files. Defaults defined in firewall::params. This is disabled for RedHat/CentOS 8+.
+# Enable sysconfig configuration for iptables/ip6tables files. Defaults defined in firewall::params.
+# This is disabled for RedHat/CentOS 8+.
#
# @api private
#
$ensure_v6 = undef,
$enable = true,
$enable_v6 = undef,
- $service_name = $::firewall::params::service_name,
- $service_name_v6 = $::firewall::params::service_name_v6,
- $package_name = $::firewall::params::package_name,
- $package_ensure = $::firewall::params::package_ensure,
- $sysconfig_manage = $::firewall::params::sysconfig_manage,
+ $service_name = $firewall::params::service_name,
+ $service_name_v6 = $firewall::params::service_name_v6,
+ $package_name = $firewall::params::package_name,
+ $package_ensure = $firewall::params::package_ensure,
+ $sysconfig_manage = $firewall::params::sysconfig_manage,
) inherits ::firewall::params {
$_ensure_v6 = pick($ensure_v6, $ensure)
$_enable_v6 = pick($enable_v6, $enable)
# package, which provides the /usr/libexec/iptables/iptables.init used by
# lib/puppet/util/firewall.rb.
if ($::operatingsystem != 'Amazon')
- and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
- or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
+ and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
+ or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
service { 'firewalld':
ensure => stopped,
enable => false,
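Review bot: The three-line OS/version test at the top of this hunk is repeated verbatim in a later hunk of this file, ahead of the `/usr/bin/systemctl daemon-reload` exec, so the two copies can drift apart. Evaluating it once into a local variable and testing that variable in both places would keep the firewalld shutdown and the daemon-reload tied to the same set of hosts. The change also drops the `$::` prefix from the params references while these conditions still read legacy top-scope facts; `$facts['os']['name']` and `$facts['os']['release']['full']` are the structured equivalents, if the supported Puppet versions allow them. The `service { 'firewalld':` resource continues past the end of the hunk.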
if $package_name {
ensure_packages($package_name, {
'ensure' => $package_ensure,
- 'before' => Service[$service_name]}
+ 'before' => Service[$service_name] }
)
}
if ($::operatingsystem != 'Amazon')
- and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
- or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
+ and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
+ or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
if $ensure == 'running' {
exec { '/usr/bin/systemctl daemon-reload':
require => Package[$package_name],
}
if ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '4') >= 0)
- or ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '2') >= 0) {
+ or ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '2') >= 0) {
service { $service_name:
ensure => $ensure,
enable => $enable,
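Review bot: The first half of this condition is subsumed by the second: any Amazon release whose `operatingsystemmajrelease` compares >= 4 also compares >= 2, so the `or` never changes the result, and the mixed `and`/`or` without outer parentheses makes the intent hard to read. If the two branches were meant to differ, one of the comparisons is wrong and some hosts may be getting a service definition that was not intended for them. If not, `if $::operatingsystem == 'Amazon' and versioncmp($::operatingsystemmajrelease, '2') >= 0 {` says the same thing. The `service { $service_name:` resource continues outside the hunk.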
if $sysconfig_manage {
file { "/etc/sysconfig/${service_name}":
- ensure => present,
+ ensure => file,
owner => 'root',
group => 'root',
mode => '0600',
}
if $service_name_v6 {
file { "/etc/sysconfig/${service_name_v6}":
- ensure => present,
+ ensure => file,
owner => 'root',
group => 'root',
mode => '0600',
}
default: {}
-
}
}
default: {}
$service_name = 'iptables-persistent'
$package_name = 'iptables-persistent'
}
-
}
'Ubuntu': {
if versioncmp($::operatingsystemrelease, '14.10') >= 0 {
$service_name = 'iptables-persistent'
$package_name = 'iptables-persistent'
}
-
}
default: {
$service_name = 'iptables-persistent'