From cb6b6b7f85b39374897ccb8fd8b219809f35d9ba Mon Sep 17 00:00:00 2001
From: mh
Date: Sun, 24 Sep 2017 11:59:03 +0200
Subject: make sure shorewall6 is started after shorewall as inserting fw rules into iptables can't be properly serialized. This is a backport of a fix that went into shorewall 5.1.6 by commit 0603f8e355b19ca88d2a7ad6f181767092e02e00 in the shorewall repository.
---
 manifests/base.pp | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/manifests/base.pp b/manifests/base.pp
index 48451ae..cc8090b 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -24,6 +24,24 @@ class shorewall::base {
 package{'shorewall6':
 ensure => 'installed'
 }
+ # serialize systemd where it's not yet done
+ if (versioncmp($facts['shorewall_version'],'5.1.6') < 0) and (versioncmp($facts['os']['release']['major'],'6') > 0) {
+ include ::systemd
+ file{
+ '/etc/systemd/system/shorewall6.service.d':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0644';
+ '/etc/systemd/system/shorewall6.service.d/after-ipv4.conf':
+ content => "[Unit]\nAfter=shorewall.service\n",
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ notify => Exec['systemctl-daemon-reload'],
+ }
+ Exec['systemctl-daemon-reload'] -> Service['shorewall6']
+ }
 file {
 '/etc/shorewall6/shorewall6.conf':
 require => Package['shorewall6'],
-- 
cgit v1.2.3
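Review bot: The `versioncmp($facts['shorewall_version'],'5.1.6')` test in the added `if` has no guard for a node where that fact is not yet set; the fact's definition is not visible here, but if it only resolves once shorewall is installed, a first run hands an undefined value to `versioncmp`, which depending on the Puppet version either fails compilation (typed arguments) or compares an empty string. A failed or mis-evaluated catalog leaves the IPv6 ruleset ordering unmanaged, so I would guard it, e.g. `if $facts['shorewall_version'] and (versioncmp($facts['shorewall_version'],'5.1.6') < 0) and ...`, and note in the comment that the drop-in then lands on the following run. The release-major comparison also matches any OS family with a major above 6, so it is worth confirming that every such platform actually runs systemd before `include ::systemd` and the daemon-reload exec are pulled in. Minor: the drop-in directory is declared with `mode => '0644'`; Puppet adds the search bit for directories, but `'0755'` states the intent directly. The enclosing class and outer block continue outside the hunk.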