@doc = "Ip6tables type provider"
has_feature :iptables
+ has_feature :hop_limiting
has_feature :rate_limiting
has_feature :snat
has_feature :dnat
:icmp => "-m icmp6 --icmpv6-type",
:iniface => "-i",
:jump => "-j",
+ :hop_limit => "-m hl --hl-eq",
:limit => "-m limit --limit",
:log_level => "--log-level",
:log_prefix => "--log-prefix",
# I put it when calling the command. So compability with manual changes
# not provided with current parser [georg.koester])
@resource_list = [:table, :source, :destination, :iniface, :outiface,
- :proto, :ishasmorefrags, :islastfrag, :isfirstfrag, :gid, :uid, :sport, :dport, :port, :pkttype, :name, :state, :icmp, :limit, :burst, :jump,
+ :proto, :ishasmorefrags, :islastfrag, :isfirstfrag, :gid, :uid, :sport, :dport,
+ :port, :pkttype, :name, :state, :icmp, :hop_limit, :limit, :burst, :jump,
:todest, :tosource, :toports, :log_level, :log_prefix, :reject]
# These are known booleans that do not take a value, but we want to munge
installed.
EOS
+ feature :hop_limiting, "Hop limiting features."
feature :rate_limiting, "Rate limiting features."
feature :snat, "Source NATing"
feature :dnat, "Destination NATing"
end
end
+ # Hop limiting properties
+ newproperty(:hop_limit, :required_features => :hop_limiting) do
+ desc <<-EOS
+ Hop limiting value for matched packets.
+ EOS
+ newvalue(/^\d+$/)
+ end
+
# Rate limiting properties
newproperty(:limit, :required_features => :rate_limiting) do
desc <<-EOS
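Review bot: The validation on the new `hop_limit` property, `newvalue(/^\d+$/)`, anchors per line rather than per string, because in Ruby `^` and `$` also match at embedded newlines. A multi-line string with one all-digit line would therefore still pass and reach the ip6tables argument list, so I would change it to `newvalue(/\A\d+\z/)`. The pattern also accepts any number of digits, although the IPv6 hop limit is an 8-bit field; rejecting values above 255 at catalog time would surface the mistake before ip6tables does. The description could state that this is a match on equality, as the `--hl-eq` mapping implies, for example `Match packets whose IPv6 hop limit equals this value (0-255).`, so it is not read as setting the hop limit. The `newproperty(:limit, ...)` block that follows continues outside the hunk.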
},
:args => ["-t", :filter, "-p", :tcp, "-m", "frag", "--fragid", "0", "--fragfirst", "-m", "comment", "--comment", "100 first fragment"],
},
+ 'hop_limit' => {
+ :params => {
+ :name => "100 hop limit",
+ :hop_limit => 255,
+ :provider => 'ip6tables',
+ :table => "filter",
+ },
+ :args => ["-t", :filter, "-p", :tcp, "-m", "comment", "--comment", "100 hop limit", "-m", "hl", "--hl-eq", 255],
+ },
}