Update upstream cookbooks

cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu.rb

@@ -1,9 +1,9 @@
 #
 # Author:: Seth Chisamore (<schisamo@opscode.com>)
-# Cookbook Name:: firewall
+# Cookbook:: firewall
 # Resource:: default
 #
-# Copyright:: 2011, Opscode, Inc.
+# Copyright:: 2011-2016, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@ class Chef
     include FirewallCookbook::Helpers::Iptables
 
     provides :firewall, os: 'linux', platform_family: %w(debian) do |node|
-      node['firewall'] && node['firewall']['ubuntu_iptables']
+      node['platform_version'].to_f > 14.04 && node['firewall'] && node['firewall']['ubuntu_iptables']
     end
 
     def whyrun_supported?
@@ -41,7 +41,9 @@ class Chef
           end
         end
 
-        %w(rules.v4 rules.v6).each do |svc|
+        rule_files = %w(rules.v4)
+        rule_files << 'rules.v6' if ipv6_enabled?(new_resource)
+        rule_files.each do |svc|
           # must create empty file for service to start
           file "create empty /etc/iptables/#{svc}" do
             path "/etc/iptables/#{svc}"
@@ -50,8 +52,9 @@ class Chef
           end
         end
 
-        service 'iptables-persistent' do
+        service 'netfilter-persistent' do
           action [:enable, :start]
+          status_command 'true' # netfilter-persistent isn't a real service
         end
       end
     end
@@ -90,7 +93,10 @@ class Chef
         end
       end
 
-      %w(iptables ip6tables).each do |iptables_type|
+      rule_files = %w(iptables)
+      rule_files << 'ip6tables' if ipv6_enabled?(new_resource)
+
+      rule_files.each do |iptables_type|
         iptables_filename = if iptables_type == 'ip6tables'
                               '/etc/iptables/rules.v6'
                             else
@@ -110,7 +116,7 @@ class Chef
 
         # if the file was changed, restart iptables
         next unless iptables_file.updated_by_last_action?
-        service_affected = service 'iptables-persistent' do
+        service_affected = service 'netfilter-persistent' do
           action :nothing
         end
 
@@ -126,7 +132,7 @@ class Chef
       iptables_default_allow!(new_resource)
       new_resource.updated_by_last_action(true)
 
-      service 'iptables-persistent' do
+      service 'netfilter-persistent' do
         action [:disable, :stop]
       end
 
@@ -146,7 +152,9 @@ class Chef
       iptables_flush!(new_resource)
       new_resource.updated_by_last_action(true)
 
-      %w(rules.v4 rules.v6).each do |svc|
+      rule_files = %w(rules.v4)
+      rule_files << 'rules.v6' if ipv6_enabled?(new_resource)
+      rule_files.each do |svc|
         # must create empty file for service to start
         file "create empty /etc/iptables/#{svc}" do
           path "/etc/iptables/#{svc}"