11 changes: 7 additions & 4 deletions manifests/linux/redhat.pp
Expand Up @@ -41,6 +41,7 @@
$package_name = $firewall::params::package_name,
$package_ensure = $firewall::params::package_ensure,
$sysconfig_manage = $firewall::params::sysconfig_manage,
$firewalld_manage = true,
) inherits ::firewall::params {
$_ensure_v6 = pick($ensure_v6, $ensure)
$_enable_v6 = pick($enable_v6, $enable)
Expand All @@ -51,10 +52,12 @@
if ($::operatingsystem != 'Amazon')
and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
service { 'firewalld':
ensure => stopped,
enable => false,
before => [Package[$package_name], Service[$service_name]],
if $firewalld_manage {
service { 'firewalld':
ensure => stopped,
enable => false,
before => [Package[$package_name], Service[$service_name]],
}
}
}

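Review bot: The new `$firewalld_manage` parameter in the class header is untyped and, as far as this section shows, undocumented, even though setting it to false leaves firewalld running next to the iptables/nftables service this class manages. Two services writing the same netfilter ruleset can leave the host with rules other than the ones Puppet declared, so the trade-off belongs in the parameter docs, e.g. `# @param firewalld_manage Whether to stop and disable firewalld; set to false only when firewalld is managed elsewhere and must keep running.` Declaring it as `Boolean $firewalld_manage = true,` would also reject a string such as 'false', which Puppet treats as truthy in the `if`. The class header and its doc block begin outside the hunk, so an existing `@param` entry may already be there.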
12 changes: 9 additions & 3 deletions manifests/params.pp
@@ -1,5 +1,5 @@
# @summary Provides defaults for the Apt module parameters.
#
# @summary Provides defaults for the Apt module parameters
#
# @api private
#
class firewall::params {
Expand Down Expand Up @@ -30,7 +30,13 @@
$sysconfig_manage = true
}
default: {
if versioncmp($::operatingsystemrelease, '8.0') >= 0 {
if versioncmp($::operatingsystemrelease, '9') >= 0 {
$service_name = 'nftables'
$service_name_v6 = undef
$package_name = ['iptables-services', 'nftables', 'iptables-nft-services']
$iptables_name = 'iptables'
$sysconfig_manage = false
} elsif versioncmp($::operatingsystemrelease, '8.0') >= 0 {
$service_name = ['iptables', 'nftables']
$service_name_v6 = 'ip6tables'
$package_name = ['iptables-services', 'nftables']
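Review bot: The new release 9 branch in the `default:` case sets `$service_name_v6 = undef` and `$sysconfig_manage = false` with no comment saying why, and it installs `iptables-services` and `iptables-nft-services` while naming only `nftables` as the managed service. A reader cannot tell from here whether IPv6 rules are meant to be covered by the single nftables service or are left without a managed service, and any consumer that references `Service[$service_name_v6]` (not visible in this section) would have to cope with undef. A short comment above the branch would settle it, e.g. `# EL9+: nftables is the only managed service (IPv4 and IPv6); sysconfig files are not managed`, adjusted to the real intent. Separately, the `@summary` at the top of the file still says "Apt module" in a firewall module, which looks like a copy-paste leftover.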
8 changes: 3 additions & 5 deletions metadata.json
@@ -1,6 +1,6 @@
{
"name": "puppetlabs-firewall",
"version": "3.4.0",
"version": "3.5.0",
"author": "puppetlabs",
"summary": "Manages Firewalls such as iptables",
"license": "Apache-2.0",
Expand Down Expand Up @@ -61,8 +61,6 @@
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"14.04",
"16.04",
"18.04",
"20.04"
]
Expand All @@ -87,6 +85,6 @@
}
],
"template-url": "https://github.com/puppetlabs/pdk-templates.git#main",
"template-ref": "heads/main-0-gfe51af3",
"pdk-version": "2.1.1"
"template-ref": "heads/main-0-g806810b",
"pdk-version": "2.4.0"
}
1 change: 0 additions & 1 deletion provision.yaml
Expand Up @@ -16,7 +16,6 @@ travis_deb:
travis_ub_6:
provisioner: docker
images:
- litmusimage/ubuntu:14.04
- litmusimage/ubuntu:16.04
- litmusimage/ubuntu:18.04
- litmusimage/ubuntu:20.04
2 changes: 1 addition & 1 deletion spec/acceptance/class_spec.rb
Expand Up @@ -14,7 +14,7 @@
idempotent_apply(pp)
end

it 'ensure => stopped:' do
it 'ensure => stopped:', unless: os[:family] == 'redhat' && os[:release].to_i == 6 do
pp = "class { 'firewall': ensure => stopped }"
idempotent_apply(pp)
end
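Review bot: The `unless:` filter added to the 'ensure => stopped:' example skips it on every RedHat-family release 6 host without saying why, so the stop path silently loses acceptance coverage on those platforms. Add the reason next to the example, e.g. `# skipped on EL6: <reason / ticket>`, so the filter can be removed once the cause is fixed. The suite setup in spec_helper_acceptance_local.rb applies the same manifest for oraclelinux-6 and scientific-6 only, whereas this condition also covers other EL6 platforms such as centos-6; if the two are meant to line up, one of the lists is off.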
4 changes: 2 additions & 2 deletions spec/acceptance/firewall_attributes_exceptions_spec.rb
Expand Up @@ -1375,7 +1375,7 @@ class { '::firewall': }
describe 'condition', condition_parameter_test: false do
context 'is set' do
pp = <<-PUPPETCODE
if $facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['full'], '14.04') > 0 {
if $facts['os']['name'] == 'Ubuntu' {
firewall { '010 isblue ipv4':
ensure => 'present',
condition => '! isblue',
Expand All @@ -1389,7 +1389,7 @@ class { '::firewall': }
it 'applies' do
apply_manifest(pp)
end
if fetch_os_name == 'ubuntu' && os[:release].to_i > 14
if fetch_os_name == 'ubuntu'
it 'contains the rule' do
run_shell('iptables-save') do |r|
expect(r.stdout).to match(%r{-A INPUT -i enp0s8 -p icmp -m condition ! --condition "isblue" -m comment --comment "010 isblue ipv4" -j DROP})
8 changes: 6 additions & 2 deletions spec/spec_helper_acceptance_local.rb
Expand Up @@ -60,8 +60,8 @@ def fetch_os_name
# To enable tests on abs/vmpooler machines just set to `true` this flag
c.filter_run_excluding condition_parameter_test: false
c.before :suite do
# Depmod is not availible by default on our AlmaLinux 8 docker image
if ['almalinux-8'].include?("#{fetch_os_name}-#{os[:release].to_i}")
# Depmod is not availible by default on our AlmaLinux/CentOS 8 docker image
if ['almalinux-8', 'centos-8'].include?("#{fetch_os_name}-#{os[:release].to_i}")
LitmusHelper.instance.run_shell('yum install kmod -y')
end
if ['centos-6', 'centos-7', 'oraclelinux-6', 'scientific-6', 'scientific-7'].include?("#{fetch_os_name}-#{os[:release].to_i}")
Expand Down Expand Up @@ -99,6 +99,10 @@ def fetch_os_name
LitmusHelper.instance.run_shell('update-alternatives --set iptables /usr/sbin/iptables-legacy', expect_failures: true)
LitmusHelper.instance.run_shell('update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy', expect_failures: true)
end
if ['oraclelinux-6', 'scientific-6'].include?("#{fetch_os_name}-#{os[:release].to_i}")
pp = "class { 'firewall': ensure => stopped }"
LitmusHelper.instance.apply_manifest(pp)
end
pp = <<-PUPPETCODE
package { 'conntrack-tools':
ensure => 'latest',
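Review bot: The block added in `c.before :suite` applies `class { 'firewall': ensure => stopped }` on oraclelinux-6 and scientific-6 with no comment explaining why those hosts need the firewall stopped before the suite runs. Since it changes the starting firewall state of the system under test, a one-line reason such as `# EL6 images: <why the firewall must be stopped before the suite>` is worth having. The platform list also omits centos-6, which the list in the earlier `if` includes and which the new skip in class_spec.rb covers; confirm that is intentional. The comment touched in the kmod hunk still spells "availible".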
2 changes: 1 addition & 1 deletion spec/unit/classes/firewall_linux_spec.rb
Expand Up @@ -28,7 +28,7 @@

['Debian', 'Ubuntu'].each do |os|
context "Debian Like: operatingsystem => #{os}" do
releases = ((os == 'Debian') ? ['8'] : ['14.04'])
releases = ((os == 'Debian') ? ['10'] : ['20.04'])
releases.each do |osrel|
let(:facts) do
{
6 changes: 3 additions & 3 deletions spec/unit/facter/iptables_persistent_version_spec.rb
Expand Up @@ -6,12 +6,12 @@
context 'when iptables-persistent applicable' do
before(:each) { Facter.clear }

let(:dpkg_cmd) { "dpkg-query -Wf '${Version}' iptables-persistent 2>/dev/null" }
let(:dpkg_cmd) { "dpkg-query -Wf '${Version}' netfilter-persistent 2>/dev/null" }

{
'Ubuntu' => '0.5.3ubuntu2',
}.each do |os, ver|
os_release = '14.04'
os_release = '20.04'

describe "#{os} package installed" do
before(:each) do
Expand All @@ -27,7 +27,7 @@
describe 'Ubuntu package not installed' do
before(:each) do
allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('Ubuntu')
allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('14.04')
allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('20.04')
allow(Facter::Util::Resolution).to receive(:exec).with(dpkg_cmd)
.and_return(nil)
end
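Review bot: The fixture still pairs `'Ubuntu' => '0.5.3ubuntu2'` with the new `os_release = '20.04'` and the `netfilter-persistent` query, and the context is still named 'when iptables-persistent applicable'. The mock returns whatever string it is given, so the spec stays green, but the data likely no longer describes a real combination and, as far as this section shows, nothing exercises the `iptables-persistent` package query any more. Consider using a version string in the form netfilter-persistent reports on 20.04, and keeping one case for a release that still queries `iptables-persistent` if the fact retains that branch (the fact's code is not visible here).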