Added puppetlabs-firewall (required by puppetlabs-postgresql), updated the other modules.

modules/firewall/manifests/linux/archlinux.pp

@@ -0,0 +1,41 @@
+# = Class: firewall::linux::archlinux
+#
+# Manages `iptables` and `ip6tables` services, and creates files used for
+# persistence, on Arch Linux systems.
+#
+# == Parameters:
+#
+# [*ensure*]
+#   Ensure parameter passed onto Service[] resources.
+#   Default: running
+#
+# [*enable*]
+#   Enable parameter passed onto Service[] resources.
+#   Default: true
+#
+class firewall::linux::archlinux (
+  $ensure = 'running',
+  $enable = true
+) {
+  service { 'iptables':
+    ensure    => $ensure,
+    enable    => $enable,
+    hasstatus => true,
+  }
+
+  service { 'ip6tables':
+    ensure    => $ensure,
+    enable    => $enable,
+    hasstatus => true,
+  }
+
+  file { '/etc/iptables/iptables.rules':
+    ensure => present,
+    before => Service['iptables'],
+  }
+
+  file { '/etc/iptables/ip6tables.rules':
+    ensure => present,
+    before => Service['ip6tables'],
+  }
+}

modules/firewall/manifests/linux/debian.pp

@@ -0,0 +1,44 @@
+# = Class: firewall::linux::debian
+#
+# Installs the `iptables-persistent` package for Debian-alike systems. This
+# allows rules to be stored to file and restored on boot.
+#
+# == Parameters:
+#
+# [*ensure*]
+#   Ensure parameter passed onto Service[] resources.
+#   Default: running
+#
+# [*enable*]
+#   Enable parameter passed onto Service[] resources.
+#   Default: true
+#
+class firewall::linux::debian (
+  $ensure = running,
+  $enable = true
+) {
+  package { 'iptables-persistent':
+    ensure => present,
+  }
+
+  if($::operatingsystemrelease =~ /^6\./ and $enable == true
+  and versioncmp($::iptables_persistent_version, '0.5.0') < 0 ) {
+    # This fixes a bug in the iptables-persistent LSB headers in 6.x, without it
+    # we lose idempotency
+    exec { 'iptables-persistent-enable':
+      logoutput => on_failure,
+      command   => '/usr/sbin/update-rc.d iptables-persistent enable',
+      unless    => '/usr/bin/test -f /etc/rcS.d/S*iptables-persistent',
+      require   => Package['iptables-persistent'],
+    }
+  } else {
+    # This isn't a real service/daemon. The start action loads rules, so just
+    # needs to be called on system boot.
+    service { 'iptables-persistent':
+      ensure    => undef,
+      enable    => $enable,
+      hasstatus => true,
+      require   => Package['iptables-persistent'],
+    }
+  }
+}

modules/firewall/manifests/linux/redhat.pp

@@ -0,0 +1,40 @@
+# = Class: firewall::linux::redhat
+#
+# Manages the `iptables` service on RedHat-alike systems.
+#
+# == Parameters:
+#
+# [*ensure*]
+#   Ensure parameter passed onto Service[] resources.
+#   Default: running
+#
+# [*enable*]
+#   Enable parameter passed onto Service[] resources.
+#   Default: true
+#
+class firewall::linux::redhat (
+  $ensure = running,
+  $enable = true
+) {
+
+  # RHEL 7 and later and Fedora 15 and later require the iptables-services
+  # package, which provides the /usr/libexec/iptables/iptables.init used by
+  # lib/puppet/util/firewall.rb.
+  if $::operatingsystem == RedHat and $::operatingsystemrelease >= 7 {
+    package { 'iptables-services':
+      ensure => present,
+    }
+  }
+
+  if ($::operatingsystem == 'Fedora' and (( $::operatingsystemrelease =~ /^\d+/ and $::operatingsystemrelease >= 15 ) or $::operatingsystemrelease == "Rawhide")) {
+    package { 'iptables-services':
+      ensure => present,
+    }
+  }
+
+  service { 'iptables':
+    ensure    => $ensure,
+    enable    => $enable,
+    hasstatus => true,
+  }
+}