:ipsec_dir => "-m policy --dir",
:ipsec_policy => "--pol",
:mask => '--mask',
- :mac_addr => ["-m mac --mac-source", "--mac-source"],
+ :mac_source => ["-m mac --mac-source", "--mac-source"],
}
# These are known booleans that do not take a value, but we want to munge
# This order can be determined by going through iptables source code or just tweaking and trying manually
@resource_list = [
:table, :source, :destination, :iniface, :outiface, :proto, :isfragment,
- :src_range, :dst_range, :tcp_flags, :gid, :uid, :mac_addr, :sport, :dport, :port,
+ :src_range, :dst_range, :tcp_flags, :gid, :uid, :mac_source, :sport, :dport, :port,
:dst_type, :src_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy,
:state, :ctstate, :icmp, :limit, :burst, :recent, :rseconds, :reap,
:rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :jump, :todest,
end
end
+ describe 'mac_source' do
+ context '0A:1B:3C:4D:5E:6F' do
+ it 'applies' do
+ pp = <<-EOS
+ class { '::firewall': }
+ firewall { '610 - test':
+ ensure => present,
+ source => '10.1.5.28/32',
+ mac_source => '0A:1B:3C:4D:5E:6F',
+ chain => 'INPUT',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ it 'should contain the rule' do
+ shell('iptables-save') do |r|
+ expect(r.stdout).to match(/-A INPUT -s 10.1.5.28\/(32|255\.255\.255\.255) -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "610 - test"/)
+ end
+ end
+ end
+ end
+
describe 'reset' do
it 'deletes all rules' do
shell('ip6tables --flush')
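Review bot: The `iptables-save` expectation in `it 'should contain the rule'` leaves the dots in `10.1.5.28` unescaped, so each matches any character and the assertion is looser than it reads. Writing it as `-s 10\.1\.5\.28\/(32|255\.255\.255\.255)` pins the literal address, in line with the already-escaped netmask alternative. The new `describe 'mac_source'` block also covers only one well-formed, upper-case address. Because this value ends up in a packet-filter rule, a second context that applies a malformed value (constructed example: `'0A:1B:3C:4D:5E'`) with `apply_manifest(pp, :expect_failures => true)` would show that bad input is rejected before it reaches iptables. A lower-case address applied twice would likewise show whether the rule stays idempotent against the upper-case form in `iptables-save` output; the type's validation and munging are outside this hunk, so both behaviours need confirming.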
# which will be used to create a resource.
ARGS_TO_HASH = {
'mac_source_1' => {
- :line => '-A neutron-openvswi-FORWARD -b -s 1.2.3.4/32 -m mac --mac-source FA:16:00:00:00:00 -j ACCEPT',
+ :line => '-A neutron-openvswi-FORWARD -s 1.2.3.4/32 -m mac --mac-source FA:16:00:00:00:00 -j ACCEPT',
:table => 'filter',
:params => {
:chain => 'neutron-openvswi-FORWARD',
:source => '1.2.3.4/32',
- :mac_addr => 'FA:16:00:00:00:00',
+ :mac_source => 'FA:16:00:00:00:00',
},
},
'dport_and_sport' => {