authormh <mh@immerda.ch>2017-09-24 11:59:03 +0200
committermh <mh@immerda.ch>2017-09-24 12:00:30 +0200
commitcb6b6b7f85b39374897ccb8fd8b219809f35d9ba (patch)
tree20344724a4bf30f03f50b3e074fd7cf4cec1e8f4
parent213a4254c03db1477f584972519b1fe3b351074b (diff)
make sure shorewall6 is started after shorewall
as inserting fw rules into iptables can't be properly serialized. This is a backport of a fix that went into shorewall 5.1.6 by commit 0603f8e355b19ca88d2a7ad6f181767092e02e00 in the shorewall repository.
-rw-r--r--manifests/base.pp18
1 files changed, 18 insertions, 0 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 48451ae..cc8090b 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -24,6 +24,24 @@ class shorewall::base {
package{'shorewall6':
ensure => 'installed'
}
+ # serialize systemd where it's not yet done
+ if (versioncmp($facts['shorewall_version'],'5.1.6') < 0) and (versioncmp($facts['os']['release']['major'],'6') > 0) {
+ include ::systemd
+ file{
+ '/etc/systemd/system/shorewall6.service.d':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0644';
+ '/etc/systemd/system/shorewall6.service.d/after-ipv4.conf':
+ content => "[Unit]\nAfter=shorewall.service\n",
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ notify => Exec['systemctl-daemon-reload'],
+ }
+ Exec['systemctl-daemon-reload'] -> Service['shorewall6']
+ }
file {
'/etc/shorewall6/shorewall6.conf':
require => Package['shorewall6'],
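Review bot: The added `if` condition passes `$facts['shorewall_version']` straight to `versioncmp`. If that fact is not yet populated on a node (for example before the package is first installed, which this hunk does not show), the comparison would receive undef and catalog compilation may fail, leaving the firewall unmanaged on that run. A guard such as `if $facts['shorewall_version'] and (versioncmp($facts['shorewall_version'],'5.1.6') < 0) and (versioncmp($facts['os']['release']['major'],'6') > 0) {` would skip the drop-in until the fact exists. Separately, the drop-in directory is declared with `mode => '0644'`; Puppet adds the search bit on directories wherever read is set, but `mode => '0755'` would state the intent directly. The body of `shorewall::base` starts and ends outside this hunk, so any handling of the fact elsewhere in the class is not visible here.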