# These are known booleans that do not take a value, but we want to munge
# to true if they exist.
- @known_booleans = [:ishasmorefrags, :islastfrag, :isfirstfrag]
+ @known_booleans = [:ishasmorefrags, :islastfrag, :isfirstfrag, :rsource, :rdest, :reap, :rttl]
# Create property methods dynamically
(@resource_map.keys << :chain << :table << :action).each do |property|
# These are known booleans that do not take a value, but we want to munge
# to true if they exist.
- @known_booleans = [:socket, :isfragment]
+ @known_booleans = [:socket, :isfragment, :rsource, :rdest, :reap, :rttl]
# Create property methods dynamically
# the actual rule will have the ! mark before the option.
values = values.sub(/(!)\s*(-\S+)\s*(\S*)/, '\2 "\1 \3"')
- # rsource, rdest, reap and rttl take no values. Cheat by adding "" after them.
- values = values.sub(/--rsource/, '--rsource ""')
- values = values.sub(/--rdest/, '--rdest ""')
- values = values.sub(/--reap/, '--reap ""')
- values = values.sub(/--rttl/, '--rttl ""')
-
# Trick the system for booleans
@known_booleans.each do |bool|
# append "true" because all params are expected to have values
next
end
end
- if res == :rsource then
- resource_value = nil
- end
- if res == :rdest then
- resource_value = nil
- end
- if res == :reap then
- resource_value = nil
- end
- if res == :rttl then
- resource_value = nil
- end
elsif res == :jump and resource[:action] then
# In this case, we are substituting jump for action
resource_value = resource[:action].to_s.upcase
newproperty(:recent, :required_features => :recent_limiting) do
desc <<-EOS
Enable the recent module. Takes as an argument one of set, update,
- rcheck or remove.
+ rcheck or remove. For example:
+
+ recent => 'update',
+ rseconds => 60,
+ rhitcount => 4,
+ rsource => true,
EOS
newvalues(:set, :update, :rcheck, :remove)
newproperty(:rdest, :required_features => :recent_limiting) do
desc <<-EOS
Recent module; add the destination IP address to the list.
- Takes no argument.
+ Must be boolean true.
EOS
end
newproperty(:rsource, :required_features => :recent_limiting) do
desc <<-EOS
Recent module; add the source IP address to the list.
- Takes no argument.
+ Must be boolean true.
EOS
end
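Review bot: The rdest and rsource descriptions now say "Must be boolean true", but neither `newproperty` block declares its accepted values, so the type does not reject `rsource => false` or an arbitrary string. Adding `newvalues(:true, :false)` after each `desc` would turn the documented constraint into a validation failure instead of leaving it to the provider. How the provider treats a non-true value is not visible in these hunks, so the iptables rule that gets applied could differ from what the manifest author intended. The same applies to the two later descriptions that gain this sentence: their blocks also close right after the heredoc, and their `newproperty` lines are outside the visible hunks.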
desc <<-EOS
Recent module; can only be used in conjunction with --seconds. When
used, this will cause entries older then 'seconds' to be purged.
+ Must be boolean true.
EOS
end
useful if you have problems with people faking their source
address in order to DoS you via this module by disallowing others
access to your site by sending bogus packets to you.
+ Must be boolean true.
EOS
end