Révision 0c9bc308
Add support for Arch Linux
Arch Linux stores the configuration in a different path and does not
provide firewalld without explicit installation.
This is basically the same as #66 – I've reused their code since it hasn't
been merged in a while.
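--- a/spec/acceptance/all_rules_spec.rb
+++ b/spec/acceptance/all_rules_spec.rb
@@ -78,6 +78,14 @@
 elements => ['192.168.0.1', '10.0.0.2'],
 table => ['inet-filter', 'ip-nat'],
 }
+$config_path = case $facts['os']['family'] {
+'Archlinux': {
+'/etc/nftables.conf'
+}
+default: {
+'/etc/sysconfig/nftables.conf'
+}
+}
 # nftables cannot be started in docker so replace service with a validation only.
 systemd::dropin_file{"zzz_docker_nft.conf":
 ensure => present,
@@ -85,9 +93,9 @@
 content => [
 "[Service]",
 "ExecStart=",
-"ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf",
+"ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
 "ExecReload=",
-"ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf",
+"ExecReload=/sbin/nft -c -I /etc/nftables/puppet -f $config_path",
 "",
 ].join("\n"),
 notify => Service["nftables"],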
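Review bot: The `case` on `$facts['os']['family']` re-derives the ruleset path inside the test manifest, separately from whatever path the module itself writes to. If the two ever disagree, the drop-in's `nft -c` check would presumably run against a file the module does not manage (for example a package-shipped default), and the acceptance test could pass without validating the generated ruleset. A comment above the assignment such as `# must match the config path the module uses for this os family` would make that coupling visible; referencing the module's own value would be better if it is reachable from here. As a style point, the two unit lines should use the braced form, e.g. `"ExecStart=/sbin/nft -c -I /etc/nftables/puppet -f ${config_path}",`, which is the usual Puppet convention for interpolation in double-quoted strings. The manifest starts and ends outside the lines shown.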