Fixed: enable correct service for restoring IPv4 rules on EL8/EL9

nftables.service loads nft rules from /etc/sysconfig/nftables.conf,
but this module generates classic iptables rules which are stored in
/etc/sysconfig/iptables.  The service to load these on boot is simply and
only "iptables.service".  If both nftables.service and iptables.service
are enabled, left over rules from /etc/sysconfig/nftables.conf may be
inadvertently loaded.

IPv6 rules are loaded correctly by ip6tables.service.

Author: kjetilho

manifests/params.pp

@@ -30,14 +30,14 @@
         }
         default: {
           if versioncmp($facts['os']['release']['full'], '9') >= 0 {
-            $service_name = ['nftables','iptables']
+            $service_name = 'iptables'
             $service_name_v6 = 'ip6tables'
             $package_name = ['iptables-services', 'nftables', 'iptables-nft-services']
             $iptables_name = 'iptables-nft'
             $sysconfig_manage = false
             $firewalld_manage = true
           } elsif versioncmp($facts['os']['release']['full'], '8.0') >= 0 {
-            $service_name = ['iptables', 'nftables']
+            $service_name = ['iptables']
             $service_name_v6 = 'ip6tables'
             $package_name = ['iptables-services', 'nftables']
             $iptables_name = 'iptables'

spec/unit/classes/firewall_linux_redhat_spec.rb

@@ -147,10 +147,6 @@
         end
 
         it {
-          expect(subject).to contain_service('nftables').with(
-            ensure: 'running',
-            enable: 'true',
-          )
           expect(subject).to contain_service('iptables').with(
             ensure: 'running',
             enable: 'true',
@@ -161,9 +157,6 @@
           let(:params) { { ensure: 'stopped' } }
 
           it {
-            expect(subject).to contain_service('nftables').with(
-              ensure: 'stopped',
-            )
             expect(subject).to contain_service('iptables').with(
               ensure: 'stopped',
             )
@@ -174,9 +167,6 @@
           let(:params) { { enable: 'false' } }
 
           it {
-            expect(subject).to contain_service('nftables').with(
-              enable: 'false',
-            )
             expect(subject).to contain_service('iptables').with(
               enable: 'false',
             )
@@ -187,21 +177,21 @@
           expect(subject).to contain_service('firewalld').with(
             ensure: 'stopped',
             enable: false,
-            before: ['Package[iptables-services]', 'Package[nftables]', 'Service[iptables]', 'Service[nftables]'],
+            before: ['Package[iptables-services]', 'Package[nftables]', 'Service[iptables]'],
           )
         }
 
         it {
           expect(subject).to contain_package('iptables-services').with(
             ensure: 'installed',
-            before: ['Service[iptables]', 'Service[nftables]'],
+            before: ['Service[iptables]'],
           )
         }
 
         it {
           expect(subject).to contain_package('nftables').with(
             ensure: 'installed',
-            before: ['Service[iptables]', 'Service[nftables]'],
+            before: ['Service[iptables]'],
           )
         }