From 39804df642a41b24b6fae157d8242a0ab178b178 Mon Sep 17 00:00:00 2001
From: Russ Allbery <eagle@eyrie.org>
Date: Sat, 23 Aug 2014 23:09:54 -0700
Subject: [PATCH] Support netfilter-persistent for later versions

iptables-persistent 1.0 and later is now a plugin module for
netfilter-persistent and does not have its own init script or
service file.  Instead, the save action must be run on the
netfilter-persistent service.
---
 lib/puppet/util/firewall.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/puppet/util/firewall.rb b/lib/puppet/util/firewall.rb
index 0f8bfdf..9982bed 100644
--- a/lib/puppet/util/firewall.rb
+++ b/lib/puppet/util/firewall.rb
@@ -191,7 +191,11 @@ module Puppet::Util::Firewall
     when :Debian
       case proto.to_sym
       when :IPv4, :IPv6
-        %w{/usr/sbin/service iptables-persistent save}
+        if Puppet::Util::Package.versioncmp(persist_ver, '1.0') > 0
+          %w{/usr/sbin/service netfilter-persistent save}
+        else
+          %w{/usr/sbin/service iptables-persistent save}
+        end
       end
     when :Debian_manual
       case proto.to_sym
-- 
2.45.2