]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commit
Code Review / puppet-modules / puppetlabs-firewall.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 1513dda) | patch
In lib/puppet/provider/firewall/iptables.rb we test on boolean flags when building...
authorSimon Martin <git@simon-martin.co.uk>
Thu, 3 Apr 2014 09:33:09 +0000 (10:33 +0100)
committerSimon Martin <git@simon-martin.co.uk>
Thu, 3 Apr 2014 09:33:09 +0000 (10:33 +0100)
commita237ef983718ea7483ff4fe17382fa7350b71cdf
treeff7afc0f240b8c9699bb70f0a59d924bdee0107ftree | snapshot
parent1513dda7ef6da48555f98a7483881022502dcdfccommit | diff
In lib/puppet/provider/firewall/iptables.rb we test on boolean flags when building iptables args:

        # If socket is true then do not add the value as -m socket is standalone
        if known_booleans.include?(res) then
          if resource[res] == :true then
            resource_value = nil
          else
            # If the property is not :true then we don't want to add the value
            # to the args list
            next
          end
        end

This evaluates to false on the reap flag in a definition like this:
    firewall { '001 rate limit ssh attempts':
        port   => [22],
        proto  => tcp,
        tcp_flags => "FIN,SYN,RST,ACK SYN",
        recent => 'rcheck',
        rsource => true,
        rname => 'ssh-syn4',
        rseconds => 30,
        rhitcount => 3,
        reap => true,
        jump => drop,
    }

This is because the value is not defined as a string, so the reap flag is not added to the args. This patch defines reap as a string true or false to match others like rsource.
lib/puppet/type/firewall.rb diff | blob | history