Merge branch 'COOK-580'

mpasternacki · Jun 8, 2011 · 9a66631 · 9a66631
2 parents 13cb62d + c8ceaad
commit 9a66631
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/iptables/files/default/rebuild-iptables b/iptables/files/default/rebuild-iptables
@@ -6,6 +6,7 @@ our $ID = q$Id: rebuild-iptables 344 2006-10-04 02:48:30Z digant $;
 #
 # Written by Russ Allbery <rra@stanford.edu>
 # Adapted by Digant C Kasundra <digant@stanford.edu>
+# Adapted by Joe Williams (2011) <joe@joetify.com>
 # Copyright 2005, 2006 Board of Trustees, Leland Stanford Jr. University
 #
 # Constructs an iptables rules file from the prefix, standard, and suffix
@@ -130,7 +131,8 @@ sub install_debian {
       or die "$0: cannot mkdir /etc/iptables: $!\n";
   }
   write_iptables( "/etc/iptables/general", @data );
-  system("/sbin/iptables-restore < /etc/iptables/general");
+  system("/sbin/iptables-restore < /etc/iptables/general") == 0
+    or die "rebuild-iptables: iptables-restore failed! - $?"
 }
 
 ##############################################################################

diff --git a/iptables/recipes/default.rb b/iptables/recipes/default.rb
@@ -33,5 +33,18 @@
   mode 0755
 end
 
+case node[:platform]
+when "redhat", "centos"
+  iptables_save_file = "/etc/sysconfig/iptables"
+when "ubuntu", "debian"
+  iptables_save_file = "/etc/iptables/general"
+end
+
+template "/etc/network/if-pre-up.d/iptables_load" do
+  source "iptables_load.erb"
+  mode 0755
+  variables :iptables_save_file => iptables_save_file
+end
+
 iptables_rule "all_established"
 iptables_rule "all_icmp"
diff --git a/iptables/templates/default/iptables_load.erb b/iptables/templates/default/iptables_load.erb
@@ -0,0 +1,3 @@
+#!/bin/sh
+/sbin/iptables-restore < <%= @iptables_save_file %>
+exit 0