From: Aron Parsons Date: Fri, 26 Sep 2014 20:58:05 +0000 (-0400) Subject: add physdev support X-Git-Tag: 1.4.0~12^2~2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=3f592aa7137ec9d3b9b2a4f57a97fcf60295eef5;p=puppet-modules%2Fpuppetlabs-firewall.git add physdev support rebased from https://github.com/puppetlabs/puppetlabs-firewall/pull/82 --- diff --git a/lib/puppet/provider/firewall/ip6tables.rb b/lib/puppet/provider/firewall/ip6tables.rb index ce4b5b4..9139045 100644 --- a/lib/puppet/provider/firewall/ip6tables.rb +++ b/lib/puppet/provider/firewall/ip6tables.rb @@ -119,6 +119,7 @@ Puppet::Type.type(:firewall).provide :ip6tables, :parent => :iptables, :source = :toports => "--to-ports", :tosource => "--to-source", :uid => "-m owner --uid-owner", + :bridge => "-m physdev", } # These are known booleans that do not take a value, but we want to munge diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index c842907..56c869a 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -105,6 +105,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir :tosource => "--to-source", :to => "--to", :uid => "-m owner --uid-owner", + :bridge => "-m physdev", } # These are known booleans that do not take a value, but we want to munge diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb index 79a94a9..67060c3 100644 --- a/lib/puppet/type/firewall.rb +++ b/lib/puppet/type/firewall.rb @@ -1033,6 +1033,19 @@ Puppet::Type.newtype(:firewall) do newvalues(/^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$/i) end + newproperty(:bridge, :required_features => :iptables) do + desc <<-EOS + Match if the packet is being bridged. + EOS + munge do |value| + if ! value.to_s.start_with?("--") + "--" + value.to_s + else + value + end + end + end + autorequire(:firewallchain) do reqs = [] protocol = nil 
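Review bot: The new `bridge` property in lib/puppet/type/firewall.rb accepts any string: its `munge` block only prepends `--`, and unlike the property just above it there is no `newvalues` constraint, so whatever a manifest supplies is presumably passed on as the option following `-m physdev`. A typo or an unrelated option would then surface only as an iptables failure at apply time, or as a rule that matches something other than what was intended. Constrain the input, for example `newvalues(/\A(--)?physdev-is-(in|out|bridged)\z/)`, widened if the interface-taking `--physdev-in`/`--physdev-out` forms are meant to be supported. The `desc` should also list the accepted values, since "Match if the packet is being bridged." does not tell a user what to write.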
@@ -1191,5 +1204,11 @@ Puppet::Type.newtype(:firewall) do self.fail "Parameter 'stat_probability' requires 'stat_mode' to be set to 'random'" end + if value(:bridged) + unless value(:chain).to_s =~ /FORWARD/ + self.fail "Parameter isbridged only applies to the FORWARD chain" + end + end + end end
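Review bot: The added check reads `value(:bridged)`, but the property this commit defines is `:bridge`, so as far as these hunks show the condition is never true and the FORWARD-chain restriction never runs; the error text uses a third name, `isbridged`. Use the defined name, `if value(:bridge)`, and name the same parameter in the message, e.g. `self.fail "Parameter 'bridge' only applies to the FORWARD chain"`. The unanchored `=~ /FORWARD/` also accepts any chain whose name merely contains FORWARD; if only the built-in chain is intended, compare with `value(:chain).to_s == "FORWARD"`. The enclosing validation block starts outside the hunk, so confirm the fix against the full method.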