From: Stephen Grier
Date: Mon, 30 Sep 2013 00:23:27 +0000 (+0100)
Subject: Make rsource, rdest, reap and rttl known_booleans and remove munging.
X-Git-Tag: 0.5.0~8^2~2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=4b9f024599e2c07295df463210b8413234cffd16;p=puppet-modules%2Fpuppetlabs-firewall.git
Make rsource, rdest, reap and rttl known_booleans and remove munging.
---
diff --git a/lib/puppet/provider/firewall/ip6tables.rb b/lib/puppet/provider/firewall/ip6tables.rb
index 3055d08..cc8ad61 100644
--- a/lib/puppet/provider/firewall/ip6tables.rb
+++ b/lib/puppet/provider/firewall/ip6tables.rb
@@ -78,7 +78,7 @@ Puppet::Type.type(:firewall).provide :ip6tables, :parent => :iptables, :source =
# These are known booleans that do not take a value, but we want to munge # to true if they exist.
- @known_booleans = [:ishasmorefrags, :islastfrag, :isfirstfrag]
+ @known_booleans = [:ishasmorefrags, :islastfrag, :isfirstfrag, :rsource, :rdest, :reap, :rttl]
# Create property methods dynamically (@resource_map.keys << :chain << :table << :action).each do |property|
diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 63b75fa..a6df9c5 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -92,7 +92,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
# These are known booleans that do not take a value, but we want to munge # to true if they exist.
- @known_booleans = [:socket, :isfragment]
+ @known_booleans = [:socket, :isfragment, :rsource, :rdest, :reap, :rttl]
# Create property methods dynamically
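Review bot: In the ip6tables.rb hunk the four recent-module keys join `@known_booleans`, but nothing visible shows that the ip6tables provider's own `@resource_map` defines flags for `:rsource`, `:rdest`, `:reap` and `:rttl`. The loop in iptables.rb that appends `true` for every known boolean has its body outside this patch; if it builds its pattern from the map, a key without a flag would presumably yield an empty pattern and distort the parsed rule instead of raising an error. Please confirm the map entries exist, and consider a comment above both lists such as `# every key listed here must also have a flag in @resource_map`. The same applies to the iptables.rb hunk that follows; both provider blocks start and end outside their hunks.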
@@ -202,12 +202,6 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
# the actual rule will have the ! mark before the option. values = values.sub(/(!)\s*(-\S+)\s*(\S*)/, '\2 "\1 \3"')
- # rsource, rdest, reap and rttl take no values. Cheat by adding "" after them.
- values = values.sub(/--rsource/, '--rsource ""')
- values = values.sub(/--rdest/, '--rdest ""')
- values = values.sub(/--reap/, '--reap ""')
- values = values.sub(/--rttl/, '--rttl ""')
-
# Trick the system for booleans @known_booleans.each do |bool| # append "true" because all params are expected to have values
@@ -387,18 +381,6 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
next end end
- if res == :rsource then
- resource_value = nil
- end
- if res == :rdest then
- resource_value = nil
- end
- if res == :reap then
- resource_value = nil
- end
- if res == :rttl then
- resource_value = nil
- end
elsif res == :jump and resource[:action] then # In this case, we are substituting jump for action resource_value = resource[:action].to_s.upcase
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 7ef0cf0..b7f2deb 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -698,7 +698,12 @@ Puppet::Type.newtype(:firewall) do
newproperty(:recent, :required_features => :recent_limiting) do desc <<-EOS Enable the recent module. Takes as an argument one of set, update,
- rcheck or remove.
+ rcheck or remove. For example:
+
+ recent => 'update',
+ rseconds => 60,
+ rhitcount => 4,
+ rsource => true,
EOS newvalues(:set, :update, :rcheck, :remove)
@@ -710,14 +715,14 @@ Puppet::Type.newtype(:firewall) do
newproperty(:rdest, :required_features => :recent_limiting) do desc <<-EOS Recent module; add the destination IP address to the list.
- Takes no argument.
+ Must be boolean true.
EOS end newproperty(:rsource, :required_features => :recent_limiting) do desc <<-EOS Recent module; add the source IP address to the list.
- Takes no argument.
+ Must be boolean true.
EOS end
@@ -740,6 +745,7 @@ Puppet::Type.newtype(:firewall) do
desc <<-EOS Recent module; can only be used in conjunction with --seconds. When used, this will cause entries older then 'seconds' to be purged.
+ Must be boolean true.
EOS end
@@ -761,6 +767,7 @@ Puppet::Type.newtype(:firewall) do
useful if you have problems with people faking their source address in order to DoS you via this module by disallowing others access to your site by sending bogus packets to you.
+ Must be boolean true.
EOS end
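Review bot: The `rdest` and `rsource` properties in the `@@ -710` hunk are now documented as "Must be boolean true", yet their bodies, fully visible here, hold only the `desc`, so nothing rejects `false`, a string or a typo. With the provider-side munging removed in iptables.rb, a value the known-boolean branch does not recognise would presumably hit the `next` seen in that file's context lines and omit the flag, leaving a `recent` rule without `--rsource` or `--rttl` and no error; for `rttl` that silently drops the spoofing protection its description promises. Adding `newvalues(:true, :false)` after each `EOS` would make the type enforce what the text states. The `reap` (`@@ -740`) and `rttl` (`@@ -761`) hunks end on the same bare `EOS` / `end`, though their `newproperty` lines lie outside the hunks.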