# we need it to properly parse and apply rules, if the order of resource
# changes between puppet runs, the changed rules will be re-applied again.
# This order can be determined by going through iptables source code or just tweaking and trying manually
- @resource_list = [:table, :source, :src_range, :destination, :dst_range, :iniface, :outiface,
- :proto, :isfragment, :tcp_flags, :gid, :uid, :sport, :dport, :port,
- :dst_type, :src_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy, :state, :ctstate, :icmp,
- :limit, :burst, :recent, :rseconds, :reap, :rhitcount, :rttl, :rname, :rsource, :rdest,
- :jump, :todest, :tosource, :toports, :log_prefix,
- :log_level, :reject, :set_mark]
+ @resource_list = [
+ :table, :source, :destination, :iniface, :outiface, :proto, :isfragment,
+ :src_range, :dst_range, :tcp_flags, :gid, :uid, :sport, :dport, :port,
+ :dst_type, :src_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy,
+ :state, :ctstate, :icmp, :limit, :burst, :recent, :rseconds, :reap,
+ :rhitcount, :rttl, :rname, :rsource, :rdest, :jump, :todest, :tosource,
+ :toports, :log_prefix, :log_level, :reject, :set_mark
+ ]
def insert
debug 'Inserting rule %s' % resource[:name]
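Review bot: The comment above `@resource_list` says the order can be found by "tweaking and trying manually", but it does not record the rule this reorder encodes, so the next property added can reintroduce the same mismatch. Judging by the new order and the updated spec args (`-p` now precedes `-m iprange`), the built-in options appear to be emitted before any `-m` module options. I would state that next to the list, e.g. `# Built-in matches (-s, -d, -i, -o, -p, -f) come first, then -m module options, then the target, mirroring iptables-save output.` A short note on where a new module-backed property belongs would also help, since a wrong position causes firewall rules to be re-applied on every run. The provider class and the `insert` method both extend beyond this hunk.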
:table => 'filter',
:dst_range => '10.0.0.1-10.0.0.10',
},
- :args => ['-t', :filter, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-p', :tcp, '-m', 'comment', '--comment', '000 dst_range'],
+ :args => ['-t', :filter, '-p', :tcp, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-m', 'comment', '--comment', '000 dst_range'],
},
'src_range_1' => {
:params => {
:table => 'filter',
:dst_range => '10.0.0.1-10.0.0.10',
},
- :args => ['-t', :filter, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-p', :tcp, '-m', 'comment', '--comment', '000 src_range'],
+ :args => ['-t', :filter, '-p', :tcp, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-m', 'comment', '--comment', '000 src_range'],
},
'tcp_flags_1' => {
:params => {
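Review bot: The `src_range_1` fixture still sets `:dst_range` in its params and expects `--dst-range` in `:args`, so the new position of `:src_range` after `:proto` is not exercised by any case visible here. Only the comment string distinguishes it from the preceding `dst_range` case. I would change the param to `:src_range => '10.0.0.1-10.0.0.10'` and the expected args to `'-m', 'iprange', '--src-range', '10.0.0.1-10.0.0.10'`. The first case's params hash begins outside the visible lines, so this is based only on the keys shown in the hunk.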