From d3bf7d12e21319400a535265da1b20c29b29bd24 Mon Sep 17 00:00:00 2001
From: Gardouille <gardouille@gmail.com>
Date: Wed, 16 Sep 2015 18:22:28 +0200
Subject: [PATCH] firewall: allow 8140 if puppet is available.

---
 firewall | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/firewall b/firewall
index b0cf2d0..dd65d6c 100755
--- a/firewall
+++ b/firewall
@@ -210,8 +210,11 @@ fw_start() {
     $IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} --dport 123 -m state --state NEW -m comment --comment "NTP out"
   fi
 
-#  #### Puppet (connection, ... )
-#  $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" --dport 8140 -m state --state NEW -m comment --comment "Puppet out"
+  if [ $(command -v puppet) ]; then
+    #### Puppet (connection, ... )
+    $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" --dport 8140 -m state --state NEW -m comment --comment "Puppet out"
+  fi
+
   #### OpenPGP HTTP key server (add key, maj, ...)
   $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 11371 -m state --state NEW -m comment --comment "OpenPGP req"