From: Ken Barber
Date: Fri, 22 Feb 2013 15:08:19 +0000 (+0000)
Subject: Added type for socket
X-Git-Tag: 0.1.0~9^2~1
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=ff01ca58d4bd68c80676d42e08f03cad4d2c1945;p=puppet-modules%2Fpuppetlabs-firewall.git

Added type for socket

Signed-off-by: Ken Barber
---

diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 06b82fc..942120b 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -34,6 +34,7 @@ Puppet::Type.newtype(:firewall) do
 feature :mark, "Set the netfilter mark value associated with the packet"
 feature :tcp_flags, "The ability to match on particular TCP flag settings"
 feature :pkttype, "Match a packet type"
+ feature :socket, "Match open sockets"

 # provider specific features
 feature :iptables, "The provider provides iptables features."
@@ -535,6 +536,15 @@ Puppet::Type.newtype(:firewall) do
 newvalues(:unicast, :broadcast, :multicast)
 end

+ newproperty(:socket, :required_features => :socket) do
+ desc <<-EOS
+ If true, matches if an open socket can be found by doing a coket lookup
+ on the packet.
+ EOS
+
+ newvalues(:true, :false)
+ end
+
 newparam(:line) do
 desc <<-EOS
 Read-only property for caching the rule line.
diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb
index f416462..294e4a1 100644
--- a/spec/fixtures/iptables/conversion_hash.rb
+++ b/spec/fixtures/iptables/conversion_hash.rb
@@ -660,6 +660,6 @@ HASH_TO_ARGS = {
 :chain => 'PREROUTING',
 :socket => true,
 },
- :args => ['-t', :mangle, '-m', 'socket', '-j', 'ACCEPT'],
+ :args => ['-t', :mangle, '-p', :tcp, '-m', 'socket', '-m', 'comment', '--comment', '050 socket option', '-j', 'ACCEPT'],
 },
 }
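Review bot: The `desc` of the new `socket` property in lib/puppet/type/firewall.rb contains a typo (`doing a coket lookup`) and only says what `true` means, although `newvalues(:true, :false)` accepts both. Because this flag narrows which packets a rule applies to, the description should state whether `false` omits the match or negates it. A possible wording is `If true, matches if an open socket can be found by doing a socket lookup on the packet. If false or unset, no socket match is added to the rule.`, assuming that is what the provider does; the provider code is not part of this diff, so confirm before adopting the second sentence.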
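Review bot: The HASH_TO_ARGS entry updated in spec/fixtures/iptables/conversion_hash.rb pins only the `:socket => true` case; nothing in this hunk checks that `:socket => false` keeps `-m socket` out of the generated arguments. If the match were emitted or dropped incorrectly, the `ACCEPT` in `PREROUTING` would apply to a different set of packets than the manifest states. A companion entry with `:socket => false` and an `:args` list without `'-m', 'socket'` would cover this. The entry's `:params` hash begins above the hunk, so such a case may already exist elsewhere in the file.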