From 0ea2b74c0b4a451a37bae8c2ff105b72481ab485 Mon Sep 17 00:00:00 2001
From: =?utf8?q?=C5=81ukasz=20Czapli=C5=84ski?=
Date: Thu, 1 Jul 2021 15:21:29 +0200
Subject: [PATCH] fix: parsing random_fully in ip6tables

Looks like https://github.com/puppetlabs/puppetlabs-firewall/commit/9a4bc6a81cf0cd4a56ba458fadac830a2c4df529 added relevant params only to iptables, not ip6tables. This results in warnings like ``` Warning: Puppet::Type::Firewall::ProviderIp6tables: Skipping unparsable iptables rule: keys (3) and values (4) count mismatch on line: -A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -j MASQUERADE --random-fully ```
---
 lib/puppet/provider/firewall/ip6tables.rb | 4 +++-
 spec/fixtures/ip6tables/conversion_hash.rb | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/puppet/provider/firewall/ip6tables.rb b/lib/puppet/provider/firewall/ip6tables.rb
index 6a925fe..54911ef 100644
--- a/lib/puppet/provider/firewall/ip6tables.rb
+++ b/lib/puppet/provider/firewall/ip6tables.rb
@@ -143,6 +143,7 @@ Puppet::Type.type(:firewall).provide :ip6tables, parent: :iptables, source: :ip6
 proto: '-p',
 queue_num: '--queue-num',
 queue_bypass: '--queue-bypass',
+ random_fully: '--random-fully',
 rdest: '--rdest',
 reap: '--reap',
 recent: '-m recent',
@@ -222,6 +223,7 @@ Puppet::Type.type(:firewall).provide :ip6tables, parent: :iptables, source: :ip6
 :log_tcp_sequence,
 :log_tcp_options,
 :log_ip_options,
+ :random_fully,
 :rsource,
 :rdest,
 :reap,
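Review bot: Nothing in the file records that the flag map (`random_fully: '--random-fully'` in this hunk), the boolean list (hunk `@@ -222,6 +223,7 @@`) and the ordered list (hunk `@@ -308,7 +310,7 @@`) have to be extended together and kept in step with the parent iptables provider, which is the omission this commit repairs by hand. The warning quoted in the commit message shows that a single unknown flag makes the provider skip the whole rule line, and a skipped rule is presumably one Puppet can neither report drift on nor purge, so the gap is worth closing for a firewall provider. I would add a comment above the map along the lines of `# Every flag the parent iptables provider parses must also be listed here, in the boolean list and in the ordered list below; one missing entry makes the whole rule unparsable.` It is also worth confirming, outside these hunks, that this provider applies the same feature or version gate to `--random-fully` as the iptables provider, if that provider has one. The enclosing `provide` block starts and ends outside the hunks.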
@@ -308,7 +310,7 @@ Puppet::Type.type(:firewall).provide :ip6tables, parent: :iptables, source: :ip6 :icmp, :hop_limit, :limit, :burst, :length, :recent, :rseconds, :reap, :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :string, :string_hex, :string_algo, :string_from, :string_to, :jump, :nflog_group, :nflog_prefix, :nflog_range, :nflog_threshold, :clamp_mss_to_pmtu, :gateway, :todest, - :tosource, :toports, :checksum_fill, :log_level, :log_prefix, :log_uid, :log_tcp_sequence, :log_tcp_options, :log_ip_options, + :tosource, :toports, :checksum_fill, :log_level, :log_prefix, :log_uid, :log_tcp_sequence, :log_tcp_options, :log_ip_options, :random_fully, :reject, :set_mss, :set_dscp, :set_dscp_class, :mss, :queue_num, :queue_bypass, :set_mark, :match_mark, :connlimit_above, :connlimit_mask, :connmark, :time_start, :time_stop, :month_days, :week_days, :date_start, :date_stop, :time_contiguous, :kernel_timezone, :src_cc, :dst_cc, :hashlimit_upto, :hashlimit_above, :hashlimit_name, :hashlimit_burst,
diff --git a/spec/fixtures/ip6tables/conversion_hash.rb b/spec/fixtures/ip6tables/conversion_hash.rb
index 844bfac..1f27ced 100644
--- a/spec/fixtures/ip6tables/conversion_hash.rb
+++ b/spec/fixtures/ip6tables/conversion_hash.rb
@@ -41,6 +41,14 @@ ARGS_TO_HASH6 = {
 string_hex: '|0000FF0001|',
 string_algo: 'bm',
 },
+ },
+ 'random-fully' => {
+ line: '-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -j MASQUERADE --random-fully',
+ table: 'filter',
+ provider: 'ip6tables',
+ params: {
+ random_fully: 'true',
+ }
 }
 }.freeze
-- 
2.45.2
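Review bot: The new `'random-fully'` entry in `ARGS_TO_HASH6` covers only the line-to-hash direction, so the position chosen for `:random_fully` in the ordered list (hunk `@@ -308,7 +310,7 @@`) is never exercised when arguments are generated from a resource. If the spec also has a hash-to-arguments fixture, an entry there with `random_fully: true` and `jump: 'MASQUERADE'` would pin that `--random-fully` is emitted after `-j MASQUERADE`, where the tool expects it. The fixture also declares `table: 'filter'` although MASQUERADE is a nat-table target, so `table: 'nat'` would presumably reflect the real Kubernetes rule better. As a style point, the added `}` that closes `params` has no trailing comma, unlike the `},` of the entry above it. The hash continues outside the hunk.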