add physdev support
authorAron Parsons <parsonsa@bit-sys.com>
Fri, 26 Sep 2014 20:58:05 +0000 (16:58 -0400)
committerJonathan Tripathy <jonathan.tripathy@puppetlabs.com>
Sun, 18 Jan 2015 23:01:21 +0000 (15:01 -0800)
rebased from https://github.com/puppetlabs/puppetlabs-firewall/pull/82

lib/puppet/provider/firewall/ip6tables.rb
lib/puppet/provider/firewall/iptables.rb
lib/puppet/type/firewall.rb

index ce4b5b46db8aed19eb9e815a0961d94ba1d46173..9139045a8b3363e212bc8e26b8679ac009a724b5 100644 (file)
@@ -119,6 +119,7 @@ Puppet::Type.type(:firewall).provide :ip6tables, :parent => :iptables, :source =
     :toports          => "--to-ports",
     :tosource         => "--to-source",
     :uid              => "-m owner --uid-owner",
+    :bridge           => "-m physdev",
   }
 
   # These are known booleans that do not take a value, but we want to munge
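Review bot: The new `:bridge => "-m physdev"` entry is added only to the flag map, here and in the identical iptables.rb hunk. If these providers also keep an ordered property list that drives argument generation and parsing of saved rules (`@resource_list` in this module, not visible in this diff), `:bridge` needs an entry there too, or the property would likely be dropped when the rule is written. Unlike its neighbour `"-m owner --uid-owner"`, the entry names only the match module, so the option itself comes from the property value; a comment such as `# option (--physdev-*) is supplied by the property value` would make that explicit. The hash literal starts outside the hunk.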
index c8429074d651b562998ed6c5d6fed08113b42739..56c869a83a78b234c65edf884626903f4a440bad 100644 (file)
@@ -105,6 +105,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
     :tosource         => "--to-source",
     :to               => "--to",
     :uid              => "-m owner --uid-owner",
+    :bridge           => "-m physdev",
   }
 
   # These are known booleans that do not take a value, but we want to munge
index 79a94a9e09da19932ab8794c554281736639973b..67060c3e92b96ef66f4dd4a31987f2544d643118 100644 (file)
@@ -1033,6 +1033,19 @@ Puppet::Type.newtype(:firewall) do
     newvalues(/^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$/i)
   end
 
+  newproperty(:bridge, :required_features => :iptables) do
+    desc <<-EOS
+      Match if the packet is being bridged.
+    EOS
+    munge do |value|
+      if ! value.to_s.start_with?("--")
+        "--" + value.to_s
+      else
+        value
+      end
+    end
+  end
+
   autorequire(:firewallchain) do
     reqs = []
     protocol = nil
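Review bot: The `:bridge` property accepts any value, and the munge block only prepends `--`, so whatever string a manifest supplies is handed to iptables as an option after `-m physdev`. A whitelist should precede the munge, for example `newvalues(/\A(--)?physdev-is-(in|out|bridged)\z/)` if only the flag-style physdev options are intended. The description says the property matches bridged packets but does not list the accepted values, and it should. The else branch returns `value` unconverted while the other branch returns a String; `value.to_s` in both would keep the type consistent.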
@@ -1191,5 +1204,11 @@ Puppet::Type.newtype(:firewall) do
       self.fail "Parameter 'stat_probability' requires 'stat_mode' to be set to 'random'"
     end
 
+    if value(:bridged)
+      unless value(:chain).to_s =~ /FORWARD/
+        self.fail "Parameter isbridged only applies to the FORWARD chain"
+      end
+    end
+
   end
 end
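Review bot: The validation reads `value(:bridged)`, but the property this commit adds in the same file is `:bridge`, so the condition would apparently never see the property and the FORWARD check would not run; `if value(:bridge)` looks like the intent. The failure message names `isbridged`, which is not a parameter defined here, so a user could not map the error back to the manifest; `"Parameter 'bridge' only applies to the FORWARD chain"` would match. The chain test `=~ /FORWARD/` is unanchored and accepts any chain whose name merely contains FORWARD; `unless value(:chain).to_s == 'FORWARD'` restricts it to the built-in chain. The enclosing block starts outside the hunk.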