From: adrianiurca Date: Sun, 8 Aug 2021 21:21:50 +0000 (+0300) Subject: mac_source is downcased by iptables also on debian-11 X-Git-Tag: v3.2.0~4^2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=a07d1ea0e24b756026e92d45c79ed244ac5d45e4;p=puppet-modules%2Fpuppetlabs-firewall.git mac_source is downcased by iptables also on debian-11 --- diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb index 428174f..bd57ce9 100644 --- a/lib/puppet/type/firewall.rb +++ b/lib/puppet/type/firewall.rb @@ -1852,7 +1852,7 @@ Puppet::Type.newtype(:firewall) do newvalues(%r{^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$}i) facter_os_name = Facter.value(:os)['name'].downcase facter_os_release = Facter.value(:os)['release']['major'].to_i - if facter_os_name == 'sles' && facter_os_release == 15 + if ['debian-11', 'sles-15'].include?("#{facter_os_name}-#{facter_os_release}") munge do |value| _value = value.downcase end diff --git a/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb b/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb index 96291e4..e2772f2 100644 --- a/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb +++ b/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb @@ -321,7 +321,7 @@ describe 'firewall attribute testing, happy path', unless: (os[:family] == 'redh expect(result.stdout).to match(%r{-A INPUT -p tcp -m iprange --dst-range 2001:db8::1-2001:db8::ff -m multiport --dports 602 -m comment --comment "602 - dst_range" -j ACCEPT}) end it 'mac_source is set' do - expect(result.stdout).to match(%r{-A INPUT -s 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "604 - mac_source"}) + expect(result.stdout).to match(%r{-A INPUT -s 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -p tcp -m mac --mac-source 0(a|A):1(b|B):3(c|C):4(d|D):5(e|E):6(f|F) -m comment --comment "604 - mac_source"}) # rubocop:disable Layout/LineLength end it 'socket when true' do expect(result.stdout).to match(%r{-A INPUT -p tcp -m multiport --dports 605 -m socket -m comment --comment "605 - socket true" -j ACCEPT})