From: Ken Barber
Date: Wed, 24 Apr 2013 22:01:15 +0000 (+0100)
Subject: A patch for Debian 6 for enable => true has a bug
X-Git-Tag: 0.3.0~1^2~1
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=af21d55219edd89946604575b7036412eb545a5d;p=puppet-modules%2Fpuppetlabs-firewall.git

A patch for Debian 6 for enable => true has a bug

Signed-off-by: Ken Barber
---

diff --git a/manifests/linux/debian.pp b/manifests/linux/debian.pp
index 49769e6..1470893 100644
--- a/manifests/linux/debian.pp
+++ b/manifests/linux/debian.pp
@@ -6,11 +6,22 @@ class firewall::linux::debian (
 ensure => present,
 }
 
- # This isn't a real service/daemon. The start action loads rules, so just
- # needs to be called on system boot.
- service { 'iptables-persistent':
- ensure => undef,
- enable => $enable,
- require => Package['iptables-persistent'],
+ if($operatingsystemrelease =~ /^6\./ and $enable == true) {
+ # This fixes a bug in the iptables-persistent LSB headers in 6.x, without it
+ # we lose idempotency
+ exec { 'iptables-persistent-enable':
+ logoutput => on_failure,
+ command => '/usr/sbin/update-rc.d iptables-persistent enable',
+ unless => '/usr/bin/test -f /etc/rcS.d/S*iptables-persistent',
+ require => Package['iptables-persistent'],
+ }
+ } else {
+ # This isn't a real service/daemon. The start action loads rules, so just
+ # needs to be called on system boot.
+ service { 'iptables-persistent':
+ ensure => undef,
+ enable => $enable,
+ require => Package['iptables-persistent'],
+ }
 }
 }
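Review bot: The `unless` guard on the new exec, `/usr/bin/test -f /etc/rcS.d/S*iptables-persistent`, only works if something expands the `S*` glob, and the resource sets no provider, so whether a shell is involved depends on how the default exec provider hands the string to the OS. If the pattern reaches `test` unexpanded, or expands to more than one link, the guard fails and `update-rc.d iptables-persistent enable` runs on every catalog application, which is the idempotency loss the comment says this block prevents. Adding `provider => shell,` to the exec makes that dependency explicit. The condition also reads the fact as `$operatingsystemrelease`; `$::operatingsystemrelease` would pin it to top scope. The class's parameter list lies outside the hunk, so it is not visible here whether `$enable` can arrive as the string 'true', in which case `$enable == true` would presumably send Debian 6 hosts to the `service` branch instead.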