From 1706aee7afff35ac0342d21a881b9eaf07fda22f Mon Sep 17 00:00:00 2001
From: Ossi Salmi <osalmi@iki.fi>
Date: Fri, 16 Nov 2012 19:09:02 +0200
Subject: [PATCH] Don't set empty $firewall_modules to prevent unnecessary
 iptables restart

---
 firewall/manifests/init.pp | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp
index 866465d..86e92dd 100644
--- a/firewall/manifests/init.pp
+++ b/firewall/manifests/init.pp
@@ -30,9 +30,6 @@ class firewall {
     if ! $firewall_rules {
         $firewall_rules = []
     }
-    if ! $firewall_modules {
-        $firewall_modules = []
-    }
 
     case $operatingsystem {
         centos,debian,fedora,ubuntu: {
@@ -125,10 +122,10 @@ class firewall::common::iptables {
                 require    => Package["iptables"],
             }
             if $firewall_modules {
-                $firewall_modules_str = inline_template('\'"<%= @firewall_modules.join(" ") -%>"\'')
+                $firewall_modules_str = inline_template('<%= @firewall_modules.join(" ") -%>')
                 augeas { "iptables-config":
                     context => "/files/etc/sysconfig/iptables-config",
-                    changes => [ "set IPTABLES_MODULES ${firewall_modules_str}" ],
+                    changes => [ "set IPTABLES_MODULES '${firewall_modules_str}'" ],
                     notify  => Service["iptables"],
                 }
             }