Merge pull request #22 from geerlingguy/systemd-unit

Fixes #17: Failing without reboot on Ubuntu 16.04.
geerlingguy · Nov 2, 2016 · 6187db6 · 6187db6
2 parents dd92337 + f353236
commit 6187db6
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -15,7 +15,25 @@
   notify: restart firewall
 
 - name: Copy firewall init script into place.
-  template: src=firewall.j2 dest=/etc/init.d/firewall owner=root group=root mode=0755
+  template:
+    src: firewall.init.j2
+    dest: /etc/init.d/firewall
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Copy firewall systemd unit file into place (for systemd systems).
+  template:
+    src: firewall.unit.j2
+    dest: /etc/systemd/system/firewall.service
+    owner: root
+    group: root
+    mode: 0755
+  when: >
+    (ansible_distribution == 'Ubuntu' and ansible_distribution_version == '16.04') or
+    (ansible_distribution == 'Debian' and ansible_distribution_version|int >= 8) or
+    (ansible_distribution == 'CentOS' and ansible_distribution_version|int >= 7) or
+    (ansible_distribution == 'Fedora')
 
 - name: Ensure the firewall is enabled and will start on boot.
   service: name=firewall state=started enabled=yes
diff --git a/templates/firewall.j2 → templates/firewall.init.j2 b/templates/firewall.j2 → templates/firewall.init.j2
diff --git a/templates/firewall.unit.j2 b/templates/firewall.unit.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=Firewall
+After=syslog.target network.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/firewall.bash
+ExecStop=/sbin/iptables -F
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target