From: Jeff '2 bits' Bachtel <jbachtel@bericotechnologies.com>
Date: Wed, 5 Mar 2014 17:32:02 +0000 (-0500)
Subject: Add support for mac address source rules
X-Git-Tag: 1.3.0~1^2~25^2~1
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=3f750188e458fc28301cbc51e814c89b95fb8f60;p=puppet-modules%2Fpuppetlabs-firewall.git

Add support for mac address source rules

This is necessary to parse rules generated on OpenStack Havana + Neutron + OpenVSwitch
---

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 3cd9c83..c22f66a 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -96,6 +96,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
     :ipsec_dir       => "-m policy --dir",
     :ipsec_policy    => "--pol",
     :mask            => '--mask',
+    :mac_addr        => ["-m mac --mac-source", "--mac-source"],
   }
 
   # These are known booleans that do not take a value, but we want to munge
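Review bot: Nothing visible in this commit declares or validates `:mac_addr` on the type side. The added map entry only teaches the provider to recognise `--mac-source`, and the type file is not part of this diff. If manifests are meant to manage these rules as well, the type needs a property with an anchored format check, for example `newvalues(/\A([0-9a-f]{2}:){5}[0-9a-f]{2}\z/i)`, and probably a munge to one letter case so a lower-case value does not show as a permanent change against the upper-case form used in the fixture. If only parsing is intended, say so on the entry: `# parse-only: needed to read Neutron/OVS rules, no type property yet`. The hash this entry belongs to starts outside the hunk.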
@@ -144,7 +145,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
   # This order can be determined by going through iptables source code or just tweaking and trying manually
   @resource_list = [
     :table, :source, :destination, :iniface, :outiface, :proto, :isfragment,
-    :src_range, :dst_range, :tcp_flags, :gid, :uid, :sport, :dport, :port,
+    :src_range, :dst_range, :tcp_flags, :gid, :uid, :mac_addr, :sport, :dport, :port,
     :dst_type, :src_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy,
     :state, :ctstate, :icmp, :limit, :burst, :recent, :rseconds, :reap,
     :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :jump, :todest,
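Review bot: The position chosen for `:mac_addr` in `@resource_list`, between `:uid` and `:sport`, is not exercised by any test in this commit. The comment above the list says the order matters, yet the only new fixture pairs the mac match with `-s` and `-j` alone. A fixture that combines it with a protocol and port match would pin the placement, for instance a rule carrying `-p tcp -m mac --mac-source <MAC> -m tcp --dport 22`. That line is a constructed example, so the actual token order should be confirmed against real iptables-save output. The list continues past the end of the hunk.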
diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb
index 105d27f..1b8f3fc 100644
--- a/spec/fixtures/iptables/conversion_hash.rb
+++ b/spec/fixtures/iptables/conversion_hash.rb
@@ -6,6 +6,15 @@
 # This hash is for testing a line conversion to a hash of parameters
 # which will be used to create a resource.
 ARGS_TO_HASH = {
+  'mac_source_1' => {
+    :line => '-A neutron-openvswi-FORWARD -b -s 1.2.3.4/32 -m mac --mac-source FA:16:00:00:00:00 -j ACCEPT',
+    :table => 'filter',
+    :params => {
+      :chain => 'neutron-openvswi-FORWARD',
+      :source => '1.2.3.4/32',
+      :mac_addr => 'FA:16:00:00:00:00',
+    },
+  },
   'dport_and_sport' => {
     :line => '-A nova-compute-FORWARD -s 0.0.0.0/32 -d 255.255.255.255/32 -p udp -m udp --sport 68 --dport 67 -j ACCEPT',
     :table => 'filter',
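Review bot: The `mac_source_1` line contains a `-b` token with no counterpart in `:params`, so the test presumably passes only because the parser drops that token silently. If it was captured from real output, a comment should say so (`# '-b' is present in the captured rule and is not mapped to a parameter`); otherwise remove it so the fixture tests the mac match alone. Only the line-to-hash direction is covered here, and whether a matching hash-to-line fixture exists cannot be seen from this hunk. The negated form (`-m mac ! --mac-source ...`) also has no case, and a firewall parser that misreads a negated match would report the opposite of what the rule enforces. The `ARGS_TO_HASH` literal continues past the end of the hunk.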