From: Russ Allbery <eagle@eyrie.org>
Date: Sun, 24 Aug 2014 06:09:54 +0000 (-0700)
Subject: Support netfilter-persistent for later versions
X-Git-Tag: 1.3.0~1^2~18^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=39804df642a41b24b6fae157d8242a0ab178b178;p=puppet-modules%2Fpuppetlabs-firewall.git

Support netfilter-persistent for later versions

iptables-persistent 1.0 and later is now a plugin module for
netfilter-persistent and does not have its own init script or
service file.  Instead, the save action must be run on the
netfilter-persistent service.
---

diff --git a/lib/puppet/util/firewall.rb b/lib/puppet/util/firewall.rb
index 0f8bfdf..9982bed 100644
--- a/lib/puppet/util/firewall.rb
+++ b/lib/puppet/util/firewall.rb
@@ -191,7 +191,11 @@ module Puppet::Util::Firewall
     when :Debian
       case proto.to_sym
       when :IPv4, :IPv6
-        %w{/usr/sbin/service iptables-persistent save}
+        if Puppet::Util::Package.versioncmp(persist_ver, '1.0') > 0
+          %w{/usr/sbin/service netfilter-persistent save}
+        else
+          %w{/usr/sbin/service iptables-persistent save}
+        end
       end
     when :Debian_manual
       case proto.to_sym