addrtype: [:src_type, :dst_type],
iprange: [:src_range, :dst_range],
owner: [:uid, :gid],
- conntrack: [:ctstate, :ctproto, :ctorigsrc, :ctorigdst, :ctreplsrc, :ctrepldst,
+ conntrack: [:ctstate, :ctproto, :ctorigsrc, :ctorigdst, :ctreplsrc, :ctrepldst,
:ctorigsrcport, :ctorigdstport, :ctreplsrcport, :ctrepldstport, :ctstatus, :ctexpire, :ctdir],
time: [:time_start, :time_stop, :month_days, :week_days, :date_start, :date_stop, :time_contiguous, :kernel_timezone],
geoip: [:src_cc, :dst_cc],
addrtype: [:src_type, :dst_type],
iprange: [:src_range, :dst_range],
owner: [:uid, :gid],
- conntrack: [:ctstate, :ctproto, :ctorigsrc, :ctorigdst, :ctreplsrc, :ctrepldst,
+ conntrack: [:ctstate, :ctproto, :ctorigsrc, :ctorigdst, :ctreplsrc, :ctrepldst,
:ctorigsrcport, :ctorigdstport, :ctreplsrcport, :ctrepldstport, :ctstatus, :ctexpire, :ctdir],
time: [:time_start, :time_stop, :month_days, :week_days, :date_start, :date_stop, :time_contiguous, :kernel_timezone],
geoip: [:src_cc, :dst_cc],
newproperty(:ctproto, required_features: :conntrack) do
desc <<-PUPPETCODE
- The specific layer-4 protocol number to match for this rule using the
+ The specific layer-4 protocol number to match for this rule using the
conntrack module.
PUPPETCODE
newvalue(%r{^!?\s?\d+$})
begin
@resource.host_to_mask(value, protocol)
if protocol == :IPv4
- value.chomp("/32")
+ value.chomp('/32')
elsif protocol == :IPv6
- value.chomp("/128")
+ value.chomp('/128')
end
rescue StandardError => e
raise("host_to_ip failed for #{value}, exception #{e}")
begin
@resource.host_to_mask(value, protocol)
if protocol == :IPv4
- value.chomp("/32")
+ value.chomp('/32')
elsif protocol == :IPv6
- value.chomp("/128")
+ value.chomp('/128')
end
rescue StandardError => e
raise("host_to_ip failed for #{value}, exception #{e}")
begin
@resource.host_to_mask(value, protocol)
if protocol == :IPv4
- value.chomp("/32")
+ value.chomp('/32')
elsif protocol == :IPv6
- value.chomp("/128")
+ value.chomp('/128')
end
rescue StandardError => e
raise("host_to_ip failed for #{value}, exception #{e}")
begin
@resource.host_to_mask(value, protocol)
if protocol == :IPv4
- value.chomp("/32")
+ value.chomp('/32')
elsif protocol == :IPv6
- value.chomp("/128")
+ value.chomp('/128')
end
rescue StandardError => e
raise("host_to_ip failed for #{value}, exception #{e}")
newproperty(:ctorigsrcport, required_features: :conntrack) do
desc <<-PUPPETCODE
- The original source port to match for this filter using the conntrack module.
+ The original source port to match for this filter using the conntrack module.
For example:
ctorigsrcport => '80'
newproperty(:ctorigdstport, required_features: :conntrack) do
desc <<-PUPPETCODE
- The original destination port to match for this filter using the conntrack module.
+ The original destination port to match for this filter using the conntrack module.
For example:
ctorigdstport => '80'
newproperty(:ctreplsrcport, required_features: :conntrack) do
desc <<-PUPPETCODE
- The reply source port to match for this filter using the conntrack module.
+ The reply source port to match for this filter using the conntrack module.
For example:
ctreplsrcport => '80'
newproperty(:ctrepldstport, required_features: :conntrack) do
desc <<-PUPPETCODE
- The reply destination port to match for this filter using the conntrack module.
+ The reply destination port to match for this filter using the conntrack module.
For example:
ctrepldstport => '80'
newproperty(:ctdir, required_features: :conntrack) do
desc <<-PUPPETCODE
- Matches a packet that is flowing in the specified direction using the
- conntrack module. If this flag is not specified at all, matches packets
+ Matches a packet that is flowing in the specified direction using the
+ conntrack module. If this flag is not specified at all, matches packets
in both directions. Values can be:
* REPLY
describe ':ctproto' do
it 'accepts numeric value' do
resource[:ctproto] = 6
- expect(resource[:ctproto]).to eql 6
+ expect(resource[:ctproto]).to be 6
end
it 'accepts negated string value' do
resource[:ctproto] = '! 6'
describe port do
it "should accept #{port} as numeric value" do
resource[port] = 80
- expect(resource[port]).to eql 80
+ expect(resource[port]).to be 80
end
it "should accept #{port} as range value" do
resource[port] = '80:81'
describe ':ctexpire' do
it 'accepts numeric values' do
resource[:ctexpire] = 100
- expect(resource[:ctexpire]).to eql 100
+ expect(resource[:ctexpire]).to be 100
end
it 'accepts numeric range values' do
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff