:ipsec_dir => "-m policy --dir",
:ipsec_policy => "--pol",
:mask => '--mask',
+ :mac_addr => ["-m mac --mac-source", "--mac-source"],
}
# These are known booleans that do not take a value, but we want to munge
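Review bot: The new `:mac_addr` key is named generically although both flags it maps to are `--mac-source`, so someone writing a rule cannot tell from the name that only the sender's address is matched; a name such as `:mac_source` would say so, and would need the same rename in `@resource_list` and the fixture. I would also put a comment above the entry, `# Source MAC match only; the value is set by the sender and can be forged, so do not treat it as authentication.` The two-element array presumably pairs the form to emit with the form to recognise when parsing, which deserves a one-line comment because the map starts outside this hunk and the convention is not visible here. Format validation of the value is not visible either, so it is worth confirming that the type rejects anything other than six colon-separated hex octets.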
# This order can be determined by going through iptables source code or just tweaking and trying manually
@resource_list = [
:table, :source, :destination, :iniface, :outiface, :proto, :isfragment,
- :src_range, :dst_range, :tcp_flags, :gid, :uid, :sport, :dport, :port,
+ :src_range, :dst_range, :tcp_flags, :gid, :uid, :mac_addr, :sport, :dport, :port,
:dst_type, :src_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy,
:state, :ctstate, :icmp, :limit, :burst, :recent, :rseconds, :reap,
:rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :jump, :todest,
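Review bot: The slot chosen for `:mac_addr` in `@resource_list` (after `:uid`, before `:sport`) is only exercised by a fixture whose rule contains no other match module, so its order relative to the owner and tcp/udp matches is untested. The comment above the list says the order is found by trial against iptables, so a second fixture combining `-m mac --mac-source` with `-p tcp ... --dport` would pin the position and catch a spurious re-apply if it is wrong. The list itself starts and ends outside this hunk.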
# This hash is for testing a line conversion to a hash of parameters
# which will be used to create a resource.
ARGS_TO_HASH = {
+ 'mac_source_1' => {
+ :line => '-A neutron-openvswi-FORWARD -b -s 1.2.3.4/32 -m mac --mac-source FA:16:00:00:00:00 -j ACCEPT',
+ :table => 'filter',
+ :params => {
+ :chain => 'neutron-openvswi-FORWARD',
+ :source => '1.2.3.4/32',
+ :mac_addr => 'FA:16:00:00:00:00',
+ },
+ },
'dport_and_sport' => {
:line => '-A nova-compute-FORWARD -s 0.0.0.0/32 -d 255.255.255.255/32 -p udp -m udp --sport 68 --dport 67 -j ACCEPT',
:table => 'filter',
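Review bot: The `mac_source_1` fixture line carries a `-b` token between the chain name and `-s` that no key in `:params` accounts for. If it was not deliberately copied from real `iptables-save` output it should be dropped; otherwise add a comment such as `# -b is emitted by <source of the rule> and is expected to be ignored by the parser`. Only the line-to-hash direction is covered in the visible lines; a matching hash-to-args case for `:mac_addr` would confirm the rule is written back as `-m mac --mac-source ...`, though one may exist outside this hunk. `ARGS_TO_HASH` continues past the end of the hunk.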