has_feature :mask
has_feature :ipset
has_feature :length
+ has_feature :string_matching
optional_commands({
:ip6tables => 'ip6tables',
:stat_packet => '--packet',
:stat_probability => '--probability',
:state => "-m state --state",
+ :string => "-m string --string",
+ :string_algo => "--algo",
+ :string_from => "--from",
+ :string_to => "--to",
:table => "-t",
:tcp_flags => "-m tcp --tcp-flags",
:todest => "--to-destination",
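Review bot: `:string_algo`, `:string_from` and `:string_to` map to bare `--algo`, `--from` and `--to`, which iptables only accepts after `-m string` has been emitted by the `:string` entry. A resource that sets one of them without `string` therefore produces arguments the command rejects, and the same mapping is added in the iptables provider hunk further down. The string match also requires `--algo`, so `string` without `string_algo` fails at apply time rather than at catalog validation. Neither dependency is checked in the lines shown; a check in the type's `validate` block (not visible in this diff) would catch it early, for example `self.fail "Parameter string requires string_algo" if value(:string) && ! value(:string_algo)`.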
:tcp_flags, :uid, :gid, :mac_source, :sport, :dport, :port, :src_type,
:dst_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy, :state,
:ctstate, :icmp, :hop_limit, :limit, :burst, :length, :recent, :rseconds, :reap,
- :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :jump, :clamp_mss_to_pmtu, :gateway, :todest,
+ :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :string, :string_algo,
+ :string_from, :string_to, :jump, :clamp_mss_to_pmtu, :gateway, :todest,
:tosource, :toports, :checksum_fill, :log_level, :log_prefix, :log_uid, :reject, :set_mss, :set_dscp, :set_dscp_class, :mss,
:set_mark, :match_mark, :connlimit_above, :connlimit_mask, :connmark, :time_start, :time_stop, :month_days, :week_days, :date_start, :date_stop, :time_contiguous, :kernel_timezone]
has_feature :ipset
has_feature :clusterip
has_feature :length
+ has_feature :string_matching
optional_commands({
:iptables => 'iptables',
:stat_packet => '--packet',
:stat_probability => '--probability',
:state => "-m state --state",
+ :string => "-m string --string",
+ :string_algo => "--algo",
+ :string_from => "--from",
+ :string_to => "--to",
:table => "-t",
:tcp_flags => "-m tcp --tcp-flags",
:todest => "--to-destination",
:src_range, :dst_range, :tcp_flags, :uid, :gid, :mac_source, :sport, :dport, :port,
:src_type, :dst_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy,
:state, :ctstate, :icmp, :limit, :burst, :length, :recent, :rseconds, :reap,
- :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :jump, :goto, :clusterip_new, :clusterip_hashmode,
+ :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :string, :string_algo,
+ :string_from, :string_to, :jump, :goto, :clusterip_new, :clusterip_hashmode,
:clusterip_clustermac, :clusterip_total_nodes, :clusterip_local_node, :clusterip_hash_init,
:clamp_mss_to_pmtu, :gateway, :set_mss, :set_dscp, :set_dscp_class, :todest, :tosource, :toports, :to, :checksum_fill, :random, :log_prefix,
:log_level, :log_uid, :reject, :set_mark, :match_mark, :mss, :connlimit_above, :connlimit_mask, :connmark, :time_start, :time_stop,
feature :ipset, "Match against specified ipset list"
feature :clusterip, "Configure a simple cluster of nodes that share a certain IP and MAC address without an explicit load balancer in front of them."
feature :length, "Match the length of layer-3 payload"
+ feature :string_matching, "String matching features"
# provider specific features
feature :iptables, "The provider provides iptables features."
end
end
+ newproperty(:string, :required_features => :string_matching) do
+ desc <<-EOS
+ String matching feature. Matches the packet against the pattern
+ given as an argument.
+ EOS
+
+ munge do |value|
+ value = "'" + value + "'"
+ end
+ end
+
+ newproperty(:string_algo, :required_features => :string_matching) do
+ desc <<-EOS
+ String matching feature, pattern matching strategy.
+ EOS
+
+ newvalues(:bm, :kmp)
+ end
+
+ newproperty(:string_from, :required_features => :string_matching) do
+ desc <<-EOS
+ String matching feature, offset from which we start looking for any matching.
+ EOS
+ end
+
+ newproperty(:string_to, :required_features => :string_matching) do
+ desc <<-EOS
+ String matching feature, offset up to which we should scan.
+ EOS
+ end
+
autorequire(:firewallchain) do
reqs = []
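Review bot: The `munge` block on `:string` wraps the pattern in single quotes without escaping or rejecting a `'` inside it, so such a pattern leaves the quoting unbalanced in whatever command line the provider builds. How the arguments are tokenised is not visible here, but the likely outcomes are a rule that fails to load or one that matches different content than the manifest author wrote. Quoting belongs where the command line is assembled; if it stays in the type, add a guard such as `validate { |value| raise ArgumentError, "string must not contain a single quote" if value.include?("'") }`, and drop the redundant `value =` assignment inside `munge`. `:string_from` and `:string_to` accept any value although they are byte offsets; `newvalues(/^\d+$/)` on both would keep non-numeric input out of the argument list. The `autorequire` block at the end of the hunk continues outside it.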