From b1f0c5f02c986167515c818a629bbf0bcca27536 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?= <tmakinen@foo.sh>
Date: Mon, 10 Jun 2013 13:09:31 +0300
Subject: [PATCH] firewall: Added disabling ip6tables if ipv6 is not enabled on
 host.

---
 firewall/manifests/init.pp | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp
index bccfb4f..5c36ae2 100644
--- a/firewall/manifests/init.pp
+++ b/firewall/manifests/init.pp
@@ -161,7 +161,7 @@ class firewall::common::iptables {
         require => Package["iptables"],
     }
 
-    if $ip6tables {
+    if $ip6tables and $::ipv6enabled == "true" {
         file { $ip6tables:
             ensure  => present,
             mode    => "0600",
@@ -170,15 +170,18 @@ class firewall::common::iptables {
             require => Package["iptables"],
             notify  => Service["ip6tables"],
         }
-        case $::operatingsystem {
-            "centos","fedora","redhat": {
-                service { "ip6tables":
-                    ensure     => running,
-                    enable     => true,
-                    hasstatus  => true,
-                    hasrestart => true,
-                    require    => Package["iptables"],
-                }
+    }
+    case $::operatingsystem {
+        "centos","fedora","redhat": {
+            service { "ip6tables":
+                ensure     => $::ipv6enabled ? {
+                    "true"  => running,
+                    "false" => stopped,
+                },
+                enable     => $::ipv6enabled,
+                hasstatus  => true,
+                hasrestart => true,
+                require    => Package["iptables"],
             }
         }
     }
@@ -207,7 +210,7 @@ class firewall::iptables inherits firewall::common::iptables {
         content => template("firewall/iptables.erb"),
     }
 
-    if $firewall::common::iptables::ip6tables {
+    if $firewall::common::iptables::ip6tables and $::ipv6enabled == "true" {
         File[$firewall::common::iptables::ip6tables] {
             content => template("firewall/ip6tables.erb"),
         }