From efd5181992ae83fc064e01a926281c308f9b0022 Mon Sep 17 00:00:00 2001 From: Mu Administrator Date: Wed, 25 Sep 2019 12:00:08 -0400 Subject: [PATCH] firewall cookbook: os checks need more universal syntax (holdover from chef-sugar maybe?) --- cookbooks/firewall/recipes/default.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cookbooks/firewall/recipes/default.rb b/cookbooks/firewall/recipes/default.rb index 92c91c30e..e7c305eb7 100644 --- a/cookbooks/firewall/recipes/default.rb +++ b/cookbooks/firewall/recipes/default.rb @@ -23,13 +23,13 @@ end # create a variable to use as a condition on some rules that follow -iptables_firewall = rhel? || node['firewall']['ubuntu_iptables'] +iptables_firewall = platform_family?("rhel") || platform_family?("amazon") || node['firewall']['ubuntu_iptables'] firewall_rule 'allow loopback' do interface 'lo' protocol :none command :allow - only_if { linux? && node['firewall']['allow_loopback'] } + only_if { node["os"] == "linux" && node['firewall']['allow_loopback'] } end firewall_rule 'allow icmp' do @@ -43,20 +43,20 @@ firewall_rule 'allow world to ssh' do port 22 source '0.0.0.0/0' - only_if { linux? && node['firewall']['allow_ssh'] } + only_if { node["os"] == "linux" && node['firewall']['allow_ssh'] } end firewall_rule 'allow world to winrm' do port 5989 source '0.0.0.0/0' - only_if { windows? && node['firewall']['allow_winrm'] } + only_if { node["os"] == "windows" && node['firewall']['allow_winrm'] } end firewall_rule 'allow world to mosh' do protocol :udp port 60000..61000 source '0.0.0.0/0' - only_if { linux? && node['firewall']['allow_mosh'] } + only_if { node["os"] == "linux" && node['firewall']['allow_mosh'] } end # allow established connections, ufw defaults to this but iptables does not
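Review bot: The new `iptables_firewall` assignment calls `platform_family?` twice where a single call accepts both family names, and it introduces double-quoted literals next to the single-quoted `node['firewall'][...]` lookups; `iptables_firewall = platform_family?('rhel', 'amazon') || node['firewall']['ubuntu_iptables']` reads the same and matches the file's quoting. The comment above the assignment should say why `amazon` is listed separately, e.g. `# Amazon Linux may report its own platform family rather than 'rhel', so name it explicitly`. Fedora matches neither family name, so if the old `rhel?` helper covered it, any rule gated on this variable would now be silently skipped on those nodes; that is worth confirming. The rules that use the variable lie outside this hunk, which ends on the opening line of the `allow icmp` block.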
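Review bot: The `allow world to winrm` rule opens port 5989, which is not a WinRM listener: WinRM defaults to 5985 (HTTP) and 5986 (HTTPS), while 5989 is the registered port for WBEM over HTTPS. The port line is unchanged context, but with the guard now written as `node["os"] == "windows"` the rule applies on any Windows node where `allow_winrm` is set, so such a node exposes 5989 to `0.0.0.0/0` while the WinRM ports stay closed; if WinRM is the intent, `port 5986` is the likely fix. The ssh, winrm and mosh rules in this hunk all use `source '0.0.0.0/0'`, so each `allow_*` attribute opens its service to every IPv4 address, and a comment on the guards should state that, e.g. `# allow_ssh exposes port 22 to any IPv4 source; leave it off where a narrower rule is available`. As a smaller point of style, `node['os'] == 'linux'` would match the single quotes used for the `node['firewall']` lookups on the same lines.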