firewall: Added disabling ip6tables if ipv6 is not enabled on host.
This commit is contained in:
parent
d15419f0d0
commit
b1f0c5f02c
1 changed files with 14 additions and 11 deletions
|
|
@ -161,7 +161,7 @@ class firewall::common::iptables {
|
|||
require => Package["iptables"],
|
||||
}
|
||||
|
||||
if $ip6tables {
|
||||
if $ip6tables and $::ipv6enabled == "true" {
|
||||
file { $ip6tables:
|
||||
ensure => present,
|
||||
mode => "0600",
|
||||
|
|
@ -170,15 +170,18 @@ class firewall::common::iptables {
|
|||
require => Package["iptables"],
|
||||
notify => Service["ip6tables"],
|
||||
}
|
||||
case $::operatingsystem {
|
||||
"centos","fedora","redhat": {
|
||||
service { "ip6tables":
|
||||
ensure => running,
|
||||
enable => true,
|
||||
hasstatus => true,
|
||||
hasrestart => true,
|
||||
require => Package["iptables"],
|
||||
}
|
||||
}
|
||||
case $::operatingsystem {
|
||||
"centos","fedora","redhat": {
|
||||
service { "ip6tables":
|
||||
ensure => $::ipv6enabled ? {
|
||||
"true" => running,
|
||||
"false" => stopped,
|
||||
},
|
||||
enable => $::ipv6enabled,
|
||||
hasstatus => true,
|
||||
hasrestart => true,
|
||||
require => Package["iptables"],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -207,7 +210,7 @@ class firewall::iptables inherits firewall::common::iptables {
|
|||
content => template("firewall/iptables.erb"),
|
||||
}
|
||||
|
||||
if $firewall::common::iptables::ip6tables {
|
||||
if $firewall::common::iptables::ip6tables and $::ipv6enabled == "true" {
|
||||
File[$firewall::common::iptables::ip6tables] {
|
||||
content => template("firewall/ip6tables.erb"),
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue