]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/networking/recipes/default.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Disable unsupported firewall features on boitata
[chef.git] / cookbooks / networking / recipes / default.rb
diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 51f3f4389aa1eb7dd4ec5f2078080e47131ac6e5..c45daae3fca5e4af0c6cf0596936e6213d43c148 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -185,6 +185,7 @@ template "/etc/shorewall/conntrack" do
   group "root"
   mode 0o644
   notifies :restart, "service[shorewall]"
+  only_if { node[:networking][:firewall][:raw] }
 end
 
 template "/etc/shorewall/policy" do
@@ -305,6 +306,7 @@ unless node.interfaces(:family => :inet6).empty?
     group "root"
     mode 0o644
     notifies :restart, "service[shorewall6]"
+    only_if { node[:networking][:firewall][:raw] }
   end
 
   template "/etc/shorewall6/policy" do
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.