diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp
index 820c7e4..1360727 100644
--- a/firewall/manifests/init.pp
+++ b/firewall/manifests/init.pp
@@ -27,7 +27,7 @@ class firewall {
 }
 case $operatingsystem {
- centos,fedora: {
+ centos,debian,fedora,ubuntu: {
 include firewall::iptables
 }
 openbsd: {
@@ -54,7 +54,7 @@ class firewall {
 class firewall::custom {
 case $operatingsystem {
- centos,fedora: {
+ centos,debian,fedora,ubuntu: {
 include firewall::custom::iptables
 }
 openbsd: {
@@ -72,13 +72,21 @@ class firewall::custom {
 #
 class firewall::common::iptables {
- package { [ "iptables", "iptables-ipv6" ]:
- ensure => installed,
+ package { "iptables":
+ name => $operatingsystem ? {
+ centos => [ "iptables", "iptables-ipv6" ],
+ debian => [ "iptables", "iptables-persistent" ],
+ fedora => [ "iptables", "iptables-ipv6" ],
+ ubuntu => [ "iptables", "iptables-persistent" ],
+ },
 }
- $ip6states = versioncmp($kernelversion, "2.6.20")
- file { "/etc/sysconfig/iptables":
+ name => $operatingsystem ? {
+ debian => "/etc/iptables/rules",
+ ubuntu => "/etc/iptables/rules",
+ default => "/etc/sysconfig/iptables",
+ },
 ensure => present,
 mode => 0600,
 owner => root,
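Review bot: The package resource in the `@@ -72,13 +72,21 @@` hunk is now titled only `iptables`, yet the `centos,fedora` branch added in the next hunk still has `require => Package["iptables-ipv6"]` on both the ip6tables file and the ip6tables service. Unless that resource is declared somewhere outside this diff, the reference no longer resolves, and the catalog would fail on the CentOS and Fedora hosts that were previously covered, leaving their firewall unmanaged. Passing an array as `name` also looks fragile, since whether the package type accepts it depends on the Puppet version. One resource per package avoids both problems, e.g. `package { "iptables-ipv6": ensure => installed }` inside the `centos,fedora` branch and `package { "iptables-persistent": ensure => installed }` for Debian and Ubuntu, which also restores the explicit `ensure` this hunk drops. The class body continues past the end of the hunk.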
@@ -87,29 +95,43 @@ class firewall::common::iptables {
 notify => Service["iptables"],
 }
- file { "/etc/sysconfig/ip6tables":
- ensure => present,
- mode => 0600,
- owner => root,
- group => root,
- require => Package["iptables-ipv6"],
- notify => Service["ip6tables"],
- }
-
- service { "iptables":
- ensure => running,
- enable => true,
- hasstatus => true,
- hasrestart => true,
- require => Package["iptables"],
+ case $operatingsystem {
+ centos,fedora: {
+ $ip6states = versioncmp($kernelversion, "2.6.20")
+ file { "/etc/sysconfig/ip6tables":
+ ensure => present,
+ mode => 0600,
+ owner => root,
+ group => root,
+ require => Package["iptables-ipv6"],
+ notify => Service["ip6tables"],
+ }
+ service { "ip6tables":
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ require => Package["iptables-ipv6"],
+ }
+ }
 }
- service { "ip6tables":
+ service { "iptables":
+ name => $operatingsystem ? {
+ debian => "iptables-persistent",
+ ubuntu => "iptables-persistent",
+ default => "iptables",
+ },
 ensure => running,
 enable => true,
- hasstatus => true,
- hasrestart => true,
- require => Package["iptables-ipv6"],
+ hasrestart => $operatingsystem ? {
+ centos => true,
+ debian => false,
+ fedora => true,
+ ubuntu => false,
+ },
+ status => "iptables -t filter --list --line-numbers | egrep '^1'",
+ require => Package["iptables"],
 }
 }
@@ -123,10 +145,14 @@ class firewall::iptables inherits firewall::common::iptables {
 content => template("firewall/iptables.erb"),
 }
- File["/etc/sysconfig/ip6tables"] {
- content => template("firewall/ip6tables.erb"),
+ case $operatingsystem {
+ centos,fedora: {
+ File["/etc/sysconfig/ip6tables"] {
+ content => template("firewall/ip6tables.erb"),
+ }
+ }
 }
-
+ }
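Review bot: Debian and Ubuntu hosts end up with no managed IPv6 ruleset in the `@@ -87,29 +95,43 @@` hunk: the ip6tables file and service now exist only inside the `centos,fedora` branch and nothing equivalent is added for the other two, so on a host with IPv6 enabled that traffic is presumably left at whatever policy the kernel defaults to. Either add an IPv6 rules file for them or state the gap in the manifest, e.g. `# NOTE: no ip6tables rules are managed on debian/ubuntu`. The new `status` command is also a weak health check, because `egrep '^1'` succeeds as soon as any filter chain holds one rule, whoever added it, and fails for a deliberately empty ruleset. Listing without `-n` makes iptables resolve addresses on every agent run; `status => "iptables -n -t filter --list --line-numbers | egrep '^1'",` removes at least that. The `hasrestart` selector has no `default` entry, unlike the `name` selector just above it.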