From: lei Date: Fri, 5 Jul 2013 04:57:56 +0000 (+0930) Subject: (#215) Add support for IP range X-Git-Tag: list^2~3 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=f8e7a174952fdafb7b5d3777c4755a4d9980d9dd;p=puppet-modules%2Fpuppetlabs-firewall.git (#215) Add support for IP range Add support for filtering by source and destination IP range, equivalent to '-m iprange --src-range|--dst-range', which is only allowing a specified IP range. Excluding an IP range, '! --src-range or ! --dst-range', is not supported. Add ':src_range' and ':dst_range' to firewall.rb
---
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 823bae4..561cbf3 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -44,6 +44,7 @@ Puppet::Type.newtype(:firewall) do
 feature :socket, "Match open sockets"
 feature :isfragment, "Match fragments"
 feature :address_type, "The ability match on source or destination address type"
+ feature :iprange, "The ability match on source or destination IP range "

 # provider specific features
 feature :iptables, "The provider provides iptables features."
@@ -114,6 +115,19 @@ Puppet::Type.newtype(:firewall) do
 end
 end

+ # Source IP range
+ newproperty(:src_range, :required_features => :iprange) do
+ desc <<-EOS
+ The source IP range. For example:
+
+ src_range => '192.168.1.1-192.168.1.10'
+
+ The source IP range is must in 'IP1-IP2' format.
+ EOS
+
+ newvalues(/^((25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)\.){3}(25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)-((25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)\.){3}(25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)/)
+ end
+
 newproperty(:destination) do
 desc <<-EOS
 The destination address to match. For example:
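Review bot: The `newvalues` pattern for `src_range` is anchored only at the start, and with `^` rather than `\A`, so it accepts any string in which some line merely begins with a valid-looking range. For example `192.168.1.1-192.168.1.999` passes because the final octet matches on a prefix, and a valid range followed by arbitrary trailing text passes as well. The value presumably reaches the iptables command line through the provider (not visible in this hunk), so the type should reject malformed input at validation time: start the pattern with `\A` instead of `^` and end it with `\z` before the closing `/`. The identical pattern on `dst_range` in the next hunk needs the same change, and holding the expression in one shared constant would keep the two copies from drifting apart. Nothing here checks that the first address is not greater than the second.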
@@ -132,6 +146,19 @@ Puppet::Type.newtype(:firewall) do
 end
 end

+ # Destination IP range
+ newproperty(:dst_range, :required_features => :iprange) do
+ desc <<-EOS
+ The destination IP range. For example:
+
+ dst_range => '192.168.1.1-192.168.1.10'
+
+ The destination IP range is must in 'IP1-IP2' format.
+ EOS
+
+ newvalues(/^((25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)\.){3}(25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)-((25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)\.){3}(25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)/)
+ end
+
 newproperty(:sport, :array_matching => :all) do
 desc <<-EOS
 The source port to match for this filter (if the protocol supports
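Review bot: The `desc` heredoc for `dst_range` does not tell users that excluding a range is unsupported, although the commit message states that `! --dst-range` is not handled; the `src_range` description in the previous hunk has the same gap. I would add a sentence to both heredocs such as `Excluding a range (the iptables '! --dst-range' form) is not supported.`, so that a rule author does not assume negation works here as it may on other address properties. The wording `is must in 'IP1-IP2' format` should read `must be in 'IP1-IP2' format`. The enclosing `Puppet::Type.newtype(:firewall)` block starts and ends outside the hunk.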