From af21d55219edd89946604575b7036412eb545a5d Mon Sep 17 00:00:00 2001
From: Ken Barber
Date: Wed, 24 Apr 2013 23:01:15 +0100
Subject: [PATCH] A patch for Debian 6 for enable => true has a bug

Signed-off-by: Ken Barber
---
 manifests/linux/debian.pp | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/manifests/linux/debian.pp b/manifests/linux/debian.pp
index 49769e6..1470893 100644
--- a/manifests/linux/debian.pp
+++ b/manifests/linux/debian.pp
@@ -6,11 +6,22 @@ class firewall::linux::debian (
 ensure => present,
 }

- # This isn't a real service/daemon. The start action loads rules, so just
- # needs to be called on system boot.
- service { 'iptables-persistent':
- ensure => undef,
- enable => $enable,
- require => Package['iptables-persistent'],
+ if($operatingsystemrelease =~ /^6\./ and $enable == true) {
+ # This fixes a bug in the iptables-persistent LSB headers in 6.x, without it
+ # we lose idempotency
+ exec { 'iptables-persistent-enable':
+ logoutput => on_failure,
+ command => '/usr/sbin/update-rc.d iptables-persistent enable',
+ unless => '/usr/bin/test -f /etc/rcS.d/S*iptables-persistent',
+ require => Package['iptables-persistent'],
+ }
+ } else {
+ # This isn't a real service/daemon. The start action loads rules, so just
+ # needs to be called on system boot.
+ service { 'iptables-persistent':
+ ensure => undef,
+ enable => $enable,
+ require => Package['iptables-persistent'],
+ }
 }
 }
--
2.45.2
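Review bot: The `unless` guard on the new `exec` relies on the `S*iptables-persistent` glob being expanded, but the resource sets no `provider`, and Puppet's default posix provider is documented as running commands without a shell. If the glob is not expanded, or if it matches more than one file, `test -f` returns non-zero and `update-rc.d ... enable` runs on every agent run, which is the idempotency loss this patch is meant to fix. Adding `provider => shell,` to the exec makes the expansion explicit. Separately, `$enable == true` matches only a real boolean, so a string 'true' on 6.x would fall through to the `service` branch that carries the bug. Whether that can happen depends on the class parameters, which are declared outside this hunk.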