sous-chefs / firewall

Development repository for the firewall cookbook
https://supermarket.chef.io/cookbooks/firewall
Apache License 2.0

RHEL8/Centos8/OEL8 nftables.conf filepath #253

Open danielpkrueger opened 2 years ago

danielpkrueger commented 2 years ago

I've been testing out firewall cookbook version 5.0.0 with OEL8. My goal is to use nftables, but I had to modify where the resource lands the created nftables.conf file. It appears that OEL8's nftables uses a different default filepath (shared with RHEL8 and CentOS8).

https://github.com/sous-chefs/firewall/blob/62a3799cf4afb0f6bd121fc4c0c3179c25e070a9/resources/nftables.rb#L43

RHEL8/Centos8/OEL8 = /etc/sysconfig/nftables.conf
Debian = /etc/nftables.conf

I understand that Debian was the only OS tested with nftables, but I'd like to expand it to OEL8. I'm curious to see what approach might be best to add this into the nftables resource.

  1. Duplicate the resource and make it OS specific?
  2. Add an OS/version check to that action?
  3. Something else entirely?

bmhughes commented 2 years ago

The way to go with it would be to move the file path to a resource property, then set the default value of the property to the OS specific default (via a helper method).

This should fix the bug but also allow others to override the path should they need to in the future.

Stromweld commented 2 years ago

Agree with @bmhughes, this helper will help set the default value based on OS https://docs.chef.io/infra_language/checking_platforms/#value_for_platform.

bmhughes commented 2 years ago

I wouldn't use value_for_platform here as it doesn't fit nicely into a resource property definition (useful for recipe/attribute though). Just a normal library helper and a case will do the job cleanly (example).

danielpkrueger commented 2 years ago

Thanks for the info! I'll see what I can whip up based off the examples.

danielpkrueger commented 2 years ago

Finally got around to adding a resource property for the nftables.conf file. Created PR: https://github.com/sous-chefs/firewall/pull/255
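
The approach discussed in the thread (a library helper with a case statement backing a path property) as an added example; it is not code from the thread, the PR or the cookbook. The module, method and error names and the file_path property name are hypothetical, the two paths are the ones given in the issue, and it assumes Ohai reports RHEL, CentOS and Oracle Linux as platform family 'rhel'. It goes slightly beyond the thread by failing on unknown platforms and rejecting non-absolute override paths.

```ruby
# Added example; all names here are hypothetical, not the cookbook's.
module NftablesPathHelper
  extend self

  class UnsupportedPlatform < StandardError; end

  # Default location of the ruleset file per platform family.
  # Paths are the two given in the issue. Assumption: Ohai reports
  # RHEL, CentOS and Oracle Linux as platform_family 'rhel'.
  # node: anything indexable by 'platform_family' (a Chef node, or a Hash in tests).
  def default_nftables_conf_path(node)
    family = node['platform_family']
    case family
    when 'rhel'
      '/etc/sysconfig/nftables.conf'
    when 'debian'
      '/etc/nftables.conf'
    else
      # Fail the run instead of guessing: a ruleset written where the
      # distribution's nftables does not look for it may never be loaded.
      raise UnsupportedPlatform,
            "no default nftables.conf path for platform_family #{family.inspect}"
    end
  end

  # Mirrors a resource property with a lazy default: an explicit value wins,
  # otherwise the platform default is used. Sketch of the Chef wiring:
  #   property :file_path, String,
  #            default: lazy { default_nftables_conf_path(node) }
  def nftables_conf_path(node, override = nil)
    return default_nftables_conf_path(node) if override.nil?

    # Only accept an absolute path with no '..' segments for the override.
    unless override.start_with?('/') && !override.split('/').include?('..')
      raise ArgumentError,
            "nftables.conf path must be absolute without '..': #{override.inspect}"
    end
    override
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample nodes (plain hashes standing in for Chef's node object).
  [{ 'platform_family' => 'rhel' }, { 'platform_family' => 'debian' }].each do |n|
    puts "#{n['platform_family']}: #{NftablesPathHelper.nftables_conf_path(n)}"
  end
end
```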