review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commit
(#10274) Nullify addresses with zero prefixlen
author Dan Carley <dan.carley@gmail.com>
Fri, 25 May 2012 06:41:36 +0000 (07:41 +0100)
committer Dan Carley <dan.carley@gmail.com>
Mon, 28 May 2012 07:33:30 +0000 (08:33 +0100)
commit 2721826395e792030141239841f0818fb112ce7a
tree a54c4289eefff359d57f864bf537de9789752518
parent 43ba6814e8fa35d040768561ce91e105cd64268f

Modify the behaviour of Util::Firewall.host_to_ip, as used by the type to
parse source and destination addresses, to return nil if the resulting CIDR
represented address has a prefix length of zero. Includes type and provider
tests for IPv4 and IPv6.

IPtables silently omits rules with source and destination addresses that
have a prefix length of zero (e.g. 0.0.0.0/0) because they are functionally
equivalent to not specifying any address. This was causing rules to be
unnecessarily reloaded.

The behaviour of Util::IPcidr remains the same. Now includes some additional
tests for its identification of zero prefixlen IPv4 and IPv6 addresses.
lib/puppet/util/firewall.rb
spec/fixtures/iptables/conversion_hash.rb
spec/unit/puppet/type/firewall_spec.rb
spec/unit/puppet/util/firewall_spec.rb
spec/unit/puppet/util/ipcidr_spec.rb
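
The comparison problem the commit message describes, as an added Ruby example that is not part of the commit or the module's code: a declared `0.0.0.0/0` never matches a rule read back with no address unless both sides are normalised first. The names `normalize_address`, `naive_in_sync?` and `rule_in_sync?` and the sample hashes are hypothetical; hostname resolution is left out so the block runs offline.

```ruby
require 'ipaddr'

# Hypothetical helper, not the module's Util::Firewall.host_to_ip.
# Returns canonical "network/prefixlen" text, or nil when the address is
# absent or matches everything (prefix length zero).
# Malformed input raises IPAddr::Error (an ArgumentError subclass).
def normalize_address(value)
  return nil if value.nil? || value.strip.empty?

  ip = IPAddr.new(value.strip)   # host bits are masked: 10.1.2.3/8 -> 10.0.0.0
  return nil if ip.prefix.zero?  # 0.0.0.0/0 and ::/0 both mean "any address"

  "#{ip}/#{ip.prefix}"
end

ADDRESS_KEYS = %i[source destination].freeze

# Compares the declared strings with the read-back values as they are.
def naive_in_sync?(desired, current)
  ADDRESS_KEYS.all? { |key| desired[key] == current[key] }
end

# Compares after normalisation, so "any address" equals "no address".
def rule_in_sync?(desired, current)
  ADDRESS_KEYS.all? do |key|
    normalize_address(desired[key]) == normalize_address(current[key])
  end
end

# Constructed sample data: the declared rule, and the same rule as read
# back from the running ruleset, where the zero-prefix source is omitted.
DESIRED = { source: '0.0.0.0/0', destination: '10.0.0.0/8' }.freeze
CURRENT = { source: nil, destination: '10.0.0.0/8' }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "naive comparison in sync:      #{naive_in_sync?(DESIRED, CURRENT)}"
  puts "normalised comparison in sync: #{rule_in_sync?(DESIRED, CURRENT)}"
end
```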