Initial support for ipv6 firewall in linux iptables.

2010-05-06 21:36:01 +03:00 · 2010-05-06 21:36:01 +03:00 · 319d670437
commit 319d670437
parent e07ce25ef2
3 changed files with 58 additions and 5 deletions
--- a/firewall/manifests/init.pp
+++ b/firewall/manifests/init.pp
@ -72,7 +72,7 @@ class firewall::custom {
 #
 class firewall::common::iptables {

-    package { [ "iptables" ]:
+    package { [ "iptables", "iptables-ipv6" ]:
 	ensure => installed,
    }

@ -85,6 +85,15 @@ class firewall::common::iptables {
 	notify  => Service["iptables"],
    }

+    file { "/etc/sysconfig/ip6tables":
+        ensure  => present,
+        mode    => 0600,
+        owner   => root,
+        group   => root,
+        require => Package["iptables-ipv6"],
+        notify  => Service["ip6tables"],
+    }
+    
    service { "iptables":
 	ensure     => running,
 	enable     => true,
@ -93,6 +102,14 @@ class firewall::common::iptables {
 	require    => Package["iptables"],
    }

+    service { "ip6tables":
+	ensure     => running,
+	enable     => true,
+	hasstatus  => true,
+	hasrestart => true,
+	require    => Package["iptables-ipv6"],
+    }
+
 }


@ -104,6 +121,10 @@ class firewall::iptables inherits firewall::common::iptables {
 	content => template("firewall/iptables.erb"),
    }

+    File["/etc/sysconfig/ip6tables"] {
+        content => template("firewall/ip6tables.erb"),
+    }
+    
 }