]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 53c977d)
Support netfilter-persistent for later versions
authorRuss Allbery <eagle@eyrie.org>
Sun, 24 Aug 2014 06:09:54 +0000 (23:09 -0700)
committerRuss Allbery <eagle@eyrie.org>
Sun, 24 Aug 2014 20:54:27 +0000 (13:54 -0700)
iptables-persistent 1.0 and later is now a plugin module for
netfilter-persistent and does not have its own init script or
service file.  Instead, the save action must be run on the
netfilter-persistent service.

lib/puppet/util/firewall.rb patch | blob | history

diff --git a/lib/puppet/util/firewall.rb b/lib/puppet/util/firewall.rb
index 0f8bfdf40eb60acc13189b04d0e208dd3716cf65..9982bed83ec8d6499916e5c36f8c7650df559d42 100644 (file)
--- a/lib/puppet/util/firewall.rb
+++ b/lib/puppet/util/firewall.rb
@@ -191,7 +191,11 @@ module Puppet::Util::Firewall
     when :Debian
       case proto.to_sym
       when :IPv4, :IPv6
-        %w{/usr/sbin/service iptables-persistent save}
+        if Puppet::Util::Package.versioncmp(persist_ver, '1.0') > 0
+          %w{/usr/sbin/service netfilter-persistent save}
+        else
+          %w{/usr/sbin/service iptables-persistent save}
+        end
       end
     when :Debian_manual
       case proto.to_sym