From: Aristarkh Zagorodnikov
Date: Tue, 14 Dec 2021 21:45:16 +0000 (+0300)
Subject: Make rpfilter feature conditional based on minimal requirements
X-Git-Tag: v3.5.0~2^2~2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=f5a5e3398557837ea580ffba992d8427305a9216;p=puppet-modules%2Fpuppetlabs-firewall.git
Make rpfilter feature conditional based on minimal requirements
---
diff --git a/lib/puppet/provider/firewall/ip6tables.rb b/lib/puppet/provider/firewall/ip6tables.rb
index 54911ef..0bc4f5d 100644
--- a/lib/puppet/provider/firewall/ip6tables.rb
+++ b/lib/puppet/provider/firewall/ip6tables.rb
@@ -46,7 +46,6 @@ Puppet::Type.type(:firewall).provide :ip6tables, parent: :iptables, source: :ip6
 has_feature :queue_num
 has_feature :queue_bypass
 has_feature :ct_target
- has_feature :rpfilter
 optional_commands(ip6tables: 'ip6tables', ip6tables_save: 'ip6tables-save')
@@ -66,6 +65,11 @@ Puppet::Type.type(:firewall).provide :ip6tables, parent: :iptables, source: :ip6
 has_feature :random_fully
 end
+ if (kernelversion && Puppet::Util::Package.versioncmp(kernelversion, '3.3') >= 0) &&
+ (ip6tables_version && Puppet::Util::Package.versioncmp(ip6tables_version, '1.4.13') >= 0)
+ has_feature :rpfilter
+ end
+
 def initialize(*args)
 ip6tables_version = Facter.value('ip6tables_version')
 raise ArgumentError, 'The ip6tables provider is not supported on version 1.3 of iptables' if ip6tables_version&.match(%r{1\.3\.\d})
diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index f193d5b..3f356f1 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -51,7 +51,6 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa
 has_feature :queue_bypass
 has_feature :ipvs
 has_feature :ct_target
- has_feature :rpfilter
 optional_commands(iptables: 'iptables', iptables_save: 'iptables-save')
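Review bot: With `has_feature :rpfilter` now gated on facts in the second hunk of `lib/puppet/provider/firewall/ip6tables.rb`, a node where `kernelversion` or `ip6tables_version` is nil or too old loses the feature without any message. Puppet normally stops managing an attribute whose required feature is missing rather than failing the resource, so a rule written as a reverse-path (anti-spoofing) match could be applied without `-m rpfilter` and match far more traffic than intended. The same applies to the identical block in the second hunk of `lib/puppet/provider/firewall/iptables.rb`. I would record the reason next to the check, e.g. `# rpfilter match needs kernel >= 3.3 and ip(6)tables >= 1.4.13; without both the attribute is not managed`, and confirm that the type rejects or warns on `rpfilter` when the feature is absent, since that code is outside this diff. The provider body starts and ends outside the hunk, and the assignments of `kernelversion` and `ip6tables_version` are not visible here.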
@@ -72,6 +71,12 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa
 has_feature :random_fully
 end
+ if (kernelversion && Puppet::Util::Package.versioncmp(kernelversion, '3.3') >= 0) &&
+ (iptables_version && Puppet::Util::Package.versioncmp(iptables_version, '1.4.13') >= 0)
+ has_feature :rpfilter
+ end
+
+
 @protocol = 'IPv4'
 @resource_map = {
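Review bot: The added block in this hunk appears to end with two empty `+` lines before `@protocol = 'IPv4'`, while the matching hunk in `ip6tables.rb` adds only one. Dropping one keeps the two providers consistent and avoids a consecutive-blank-lines lint warning (RuboCop `Layout/EmptyLines`). The provider body starts and ends outside the hunk.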