:log_level => "--log-level",
:log_prefix => "--log-prefix",
:name => "-m comment --comment",
+ :mac_source => ["-m mac --mac-source", "--mac-source"],
:outiface => "-o",
:pkttype => "-m pkttype --pkt-type",
:port => '-m multiport --ports',
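Review bot: The added `:mac_source` entry emits `-m mac --mac-source` with no chain restriction visible in this hunk, although the iptables-extensions documentation says the mac match only makes sense for packets entering PREROUTING, FORWARD or INPUT. If the type does not already validate the chain (not visible here), a rule declared on OUTPUT or POSTROUTING would presumably fail only when ip6tables is invoked; a check in the type or a sentence in the `mac_source` parameter documentation would surface that earlier. That documentation could also state that the source MAC is chosen by the sender on the local segment, so the match narrows exposure but should not be the only condition on an accept rule. The two-element array would benefit from a short comment such as `# first form is written out; both forms are recognised when parsing` once that is confirmed against the parser. The surrounding hash begins and ends outside the hunk.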
# not provided with current parser [georg.koester])
@resource_list = [:table, :source, :destination, :iniface, :outiface,
:proto, :ishasmorefrags, :islastfrag, :isfirstfrag, :src_range, :dst_range,
- :tcp_flags, :gid, :uid, :sport, :dport, :port, :dst_type, :src_type,
- :pkttype, :name, :state, :ctstate, :icmp, :hop_limit, :limit, :burst,
- :recent, :rseconds, :reap, :rhitcount, :rttl, :rname, :rsource, :rdest,
- :jump, :todest, :tosource, :toports, :log_level, :log_prefix, :reject,
- :connlimit_above, :connlimit_mask, :connmark]
+ :tcp_flags, :gid, :uid, :mac_source, :sport, :dport, :port, :dst_type,
+ :src_type, :pkttype, :name, :state, :ctstate, :icmp, :hop_limit, :limit,
+ :burst, :recent, :rseconds, :reap, :rhitcount, :rttl, :rname, :rsource,
+ :rdest, :jump, :todest, :tosource, :toports, :log_level, :log_prefix,
+ :reject, :connlimit_above, :connlimit_mask, :connmark]
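Review bot: `:mac_source` is inserted between `:uid` and `:sport` in `@resource_list`, but nothing in the commit pins that position against real `ip6tables-save` output when port matches are also present. The list appears to be order-sensitive for the parser (the comment above it refers to parser compatibility), and the only acceptance case combines `mac_source` with a source address and the default protocol. A wrong position would presumably show up as the rule being reported changed on every run, so a case that sets `mac_source` together with `dport` and then re-applies the manifest would confirm the ordering. A one-line comment next to the list, for example `# mac match is printed before multiport/tcp port matches by ip6tables-save`, would record why it sits there once verified.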
end
end
end
+ describe 'mac_source' do
+ context '0A:1B:3C:4D:5E:6F' do
+ it 'applies' do
+ pp = <<-EOS
+ class { '::firewall': }
+ firewall { '604 - test':
+ ensure => present,
+ source => '2001:db8::1/128',
+ mac_source => '0A:1B:3C:4D:5E:6F',
+ chain => 'INPUT',
+ provider => 'ip6tables',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ it 'should contain the rule' do
+ shell('ip6tables-save') do |r|
+ expect(r.stdout).to match(/-A INPUT -s 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "604 - test"/)
+ end
+ end
+ end
+ end
+
# ip6tables only support addrtype on a limited set of platforms
if default['platform'] =~ /el-7/ or default['platform'] =~ /debian-7/ or default['platform'] =~ /ubuntu-1404/
['dst_type', 'src_type'].each do |type|
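Review bot: The new `mac_source` context applies the manifest once with `:catch_failures => true` and never re-applies it, so it does not show that the provider parses the saved rule back into the same resource. For a firewall rule that matters, because a parse mismatch leaves the rule being rewritten on every agent run; adding `apply_manifest(pp, :catch_changes => true)` after the first apply would cover it. The case also uses an upper-case MAC only, while the expected `ip6tables-save` line is matched case-sensitively, so a second context with `0a:1b:3c:4d:5e:6f` would show whether lower-case input is normalised or produces a perpetual diff. The expected `-p tcp` is not set in the manifest and presumably comes from the type's default protocol, which a comment such as `# proto defaults to tcp` would make explicit. The trailing context (`['dst_type', 'src_type'].each`) continues outside the hunk.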