:destination => "-d",
:dst_type => "-m addrtype --dst-type",
:dst_range => "-m iprange --dst-range",
- :dport => ["-m multiport --dports", "-m (udp|tcp) --dport", "--dport"],
+ :dport => ["-m (udp|tcp) -m multiport --dports", "-m multiport --dports", "-m (udp|tcp) --dport", "--dport"],
:gid => "-m owner --gid-owner",
:icmp => "-m icmp --icmp-type",
:iniface => "-i",
:source => "-s",
:src_type => "-m addrtype --src-type",
:src_range => "-m iprange --src-range",
- :sport => ["-m multiport --sports", "-m (udp|tcp) --sport", "--sport"],
+ :sport => ["-m (udp|tcp) -m multiport --sports", "-m multiport --sports", "-m (udp|tcp) --sport", "--sport"],
:state => "-m state --state",
:table => "-t",
:tcp_flags => "-m tcp --tcp-flags",
end
end
end
+
+ context 'accepts rules with match extension tcp flag' do
+ before :all do
+ iptables_flush_all_tables
+ shell('/sbin/iptables -t mangle -A PREROUTING -d 1.2.3.4 -p tcp -m tcp -m multiport --dports 80,443,8140 -j MARK --set-mark 42')
+ end
+
+ it do
+ shell('puppet resource firewall') do |r|
+ r.exit_code.should be_zero
+ # don't check stdout, testing preexisting rules, output is normal
+ r.stderr.should be_empty
+ end
+ end
+ end
end
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff