(#9362) Create action property and perform transformation for accept, drop, reject value for iptables jump parameter.
This commit introduces the new 'action' parameter which is designed to designate
the action to take when a match succeeds. This is a cross-platform parameter and
for the values 'accept','drop','reject' it will take the place of the existing
jump parameter.
The jump parameter is deemed as an iptables specific parameter so by splitting
out this parameter for common actions it allows us to extend the firewall
resource to include other providers much more easily in the future. By having
such a common parameter we will be able to compare resources between boxes that
may have different firewall implementations.
The new behaviour is to force the usage for action parameter, and using
'accept', 'drop' or 'reject' for jump will now no longer work.
Also - the default of 'accept' for jump has been removed which means you MUST
specify an action if you want your rule to do something. Without an action the
rule will match, but do nothing (so only useful for keeping counters generally).
To aid in the testing of this new property I've added new ways to test converting
iptables rules to hashes and hashes to general_args. This should simplify the
testing of new bugs as well.
Code Review / puppet-modules / puppetlabs-firewall.git / commit