Disable firewalld on centos7 and greater

Firewalld is enabled by default on centos7. Unfortunately iptables-service and firewalld appear to confuse each other resulting in no firewall rules at all. Fix this by disabling firewalld allowing iptables-service to be in charge and apply the rules it has configured. Change-Id: I0089502b134c91ef2e8d11cef1e016ce314ecf96
2015-08-27 14:28:02 -07:00 · 2015-08-27 14:28:02 -07:00 · 7503162cc4
parent a2d7123013
commit 7503162cc4
1 changed files with 11 additions and 0 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -39,6 +39,17 @@ class iptables(
      enable     => true,
    }
    $notify_iptables = Service['iptables']
+
+    # On centos 7 firewalld and iptables-service confuse each other and you
+    # end up with no firewall rules at all. Disable firewalld so that
+    # iptables-service can be in charge.
+    if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') {
+      service { 'firewalld':
+        ensure => 'stopped',
+        enable => false,
+        before => Package['iptables'],
+      }
+    }
  }

  file { $::iptables::params::rules_dir: