From: Ken Barber <ken@bob.sh>
Date: Sat, 9 Jun 2012 23:18:04 +0000 (+0100)
Subject: (#10025) Make tcp_flags support a feature.
X-Git-Tag: 0.1.0~27^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=f4bb06c4ac71b432b05c1c55cfd2039e97223661;p=puppet-modules%2Fpuppetlabs-firewall.git

(#10025) Make tcp_flags support a feature.
---

diff --git a/lib/puppet/provider/firewall/ip6tables.rb b/lib/puppet/provider/firewall/ip6tables.rb
index 29e7052..b97f7e7 100644
--- a/lib/puppet/provider/firewall/ip6tables.rb
+++ b/lib/puppet/provider/firewall/ip6tables.rb
@@ -12,6 +12,8 @@ Puppet::Type.type(:firewall).provide :ip6tables, :parent => :iptables, :source =
   has_feature :reject_type
   has_feature :log_level
   has_feature :log_prefix
+  has_feature :mark
+  has_feature :tcp_flags
 
   commands :iptables      => '/sbin/ip6tables'
   commands :iptables_save => '/sbin/ip6tables-save'
diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 5602e1d..1701a78 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -18,6 +18,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
   has_feature :log_level
   has_feature :log_prefix
   has_feature :mark
+  has_feature :tcp_flags
 
   commands :iptables => '/sbin/iptables'
   commands :iptables_save => '/sbin/iptables-save'
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 11997a0..7265467 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -32,6 +32,7 @@ Puppet::Type.newtype(:firewall) do
   feature :log_level, "The ability to control the log level"
   feature :log_prefix, "The ability to add prefixes to log messages"
   feature :mark, "Set the netfilter mark value associated with the packet"
+  feature :tcp_flags, "The ability to match on particular TCP flag settings"
 
   # provider specific features
   feature :iptables, "The provider provides iptables features."
@@ -213,7 +214,7 @@ Puppet::Type.newtype(:firewall) do
   end
 
   # tcp-specific
-  newproperty(:tcp_flags) do
+  newproperty(:tcp_flags, :required_features => :tcp_flags) do
     desc <<-EOS
       Match when the TCP flags are as specified.
       Is a string with a list of comma-separated flag names for the mask,