From: Jeff '2 bits' Bachtel
Date: Mon, 6 Jan 2014 05:51:23 +0000 (-0500)
Subject: Allow --dport --sport without preceding -m
X-Git-Tag: 0.5.0~16^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=f5b5dc073a0531ac9206f05d07df068d531c328f;p=puppet-modules%2Fpuppetlabs-firewall.git
Allow --dport --sport without preceding -m
Test rule added to spec
---
diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 7fcd064..8c07a62 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -49,7 +49,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 :destination => "-d",
 :dst_type => "-m addrtype --dst-type",
 :dst_range => "-m iprange --dst-range",
- :dport => ["-m multiport --dports", "-m (udp|tcp) --dport"],
+ :dport => ["-m multiport --dports", "-m (udp|tcp) --dport", "--dport"],
 :gid => "-m owner --gid-owner",
 :icmp => "-m icmp --icmp-type",
 :iniface => "-i",
@@ -67,7 +67,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 :source => "-s",
 :src_type => "-m addrtype --src-type",
 :src_range => "-m iprange --src-range",
- :sport => ["-m multiport --sports", "-m (udp|tcp) --sport"],
+ :sport => ["-m multiport --sports", "-m (udp|tcp) --sport", "--sport"],
 :state => "-m state --state",
 :table => "-t",
 :tcp_flags => "-m tcp --tcp-flags",
diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb
index 32b6e35..cd7aa7c 100644
--- a/spec/fixtures/iptables/conversion_hash.rb
+++ b/spec/fixtures/iptables/conversion_hash.rb
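Review bot: The bare `"--dport"` alternative added to `:dport` in lib/puppet/provider/firewall/iptables.rb is a prefix of `--dports` and the tail of `-m (udp|tcp) --dport`, so the result now depends on the alternatives being tried in the written order, and nothing on the line says so. The code that consumes this map is outside the hunk; if it matches alternatives in order, a later reordering could let the short pattern claim a multiport rule, and the parsed resource would no longer reflect the firewall rule that is actually loaded. I would add a comment above the entry, `# Order matters: most specific match first; bare --dport must stay last so it cannot shadow --dports.` The same applies to the `:sport` change in the second hunk of this file.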
@@ -6,6 +6,19 @@
 # This hash is for testing a line conversion to a hash of parameters
 # which will be used to create a resource.
 ARGS_TO_HASH = {
+ 'dport_and_sport' => {
+ :line => '-A nova-compute-FORWARD -s 0.0.0.0/32 -d 255.255.255.255/32 -p udp -m udp --sport 68 --dport 67 -j ACCEPT',
+ :table => 'filter',
+ :params => {
+ :action => 'accept',
+ :chain => 'nova-compute-FORWARD',
+ :source => '0.0.0.0/32',
+ :destination => '255.255.255.255/32',
+ :sport => ['68'],
+ :dport => ['67'],
+ :proto => 'udp',
+ },
+ },
 'long_rule_1' => {
 :line => '-A INPUT -s 1.1.1.1/32 -d 1.1.1.1/32 -p tcp -m multiport --dports 7061,7062 -m multiport --sports 7061,7062 -m comment --comment "000 allow foo" -j ACCEPT',
 :table => 'filter',
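Review bot: The `dport_and_sport` fixture exercises only the new bare `--dport` alternative: in its `:line`, `--sport 68` directly follows `-m udp`, so it is presumably still matched by the older `-m (udp|tcp) --sport` pattern and the new `"--sport"` entry is never reached. A sibling entry with the two options swapped, `:line => '-A nova-compute-FORWARD -s 0.0.0.0/32 -d 255.255.255.255/32 -p udp -m udp --dport 67 --sport 68 -j ACCEPT'`, expecting the same `:params`, would cover it. The hunk also adds only to `ARGS_TO_HASH`, which continues outside the hunk; whether a matching hash-to-args case exists is not visible here.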