tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

firewall: Added disabling ip6tables if ipv6 is not enabled on host.

Browse source
This commit is contained in:
Timo Mkinen 2013-06-10 13:09:31 +03:00
parent d15419f0d0
commit b1f0c5f02c
1 changed files with 14 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
firewall/manifests/init.pp
View file

@ -161,7 +161,7 @@ class firewall::common::iptables {
require => Package["iptables"], require => Package["iptables"],
} }
if $ip6tables { if $ip6tables and $::ipv6enabled == "true" {
file { $ip6tables: file { $ip6tables:
ensure => present, ensure => present,
mode => "0600", mode => "0600",
@ -170,15 +170,18 @@ class firewall::common::iptables {
require => Package["iptables"], require => Package["iptables"],
notify => Service["ip6tables"], notify => Service["ip6tables"],
} }
case $::operatingsystem { }
"centos","fedora","redhat": { case $::operatingsystem {
service { "ip6tables": "centos","fedora","redhat": {
ensure => running, service { "ip6tables":
enable => true, ensure => $::ipv6enabled ? {
hasstatus => true, "true" => running,
hasrestart => true, "false" => stopped,
require => Package["iptables"], },
} enable => $::ipv6enabled,
hasstatus => true,
hasrestart => true,
require => Package["iptables"],
} }
} }
} }
@ -207,7 +210,7 @@ class firewall::iptables inherits firewall::common::iptables {
content => template("firewall/iptables.erb"), content => template("firewall/iptables.erb"),
} }
if $firewall::common::iptables::ip6tables { if $firewall::common::iptables::ip6tables and $::ipv6enabled == "true" {
File[$firewall::common::iptables::ip6tables] { File[$firewall::common::iptables::ip6tables] {
content => template("firewall/ip6tables.erb"), content => template("firewall/ip6tables.erb"),
} }