From 4b9f024599e2c07295df463210b8413234cffd16 Mon Sep 17 00:00:00 2001
From: Stephen Grier
Date: Mon, 30 Sep 2013 01:23:27 +0100
Subject: [PATCH] Make rsource, rdest, reap and rttl known_booleans and remove munging.
---
 lib/puppet/provider/firewall/ip6tables.rb | 2 +-
 lib/puppet/provider/firewall/iptables.rb | 20 +-------------------
 lib/puppet/type/firewall.rb | 13 ++++++++++---
 3 files changed, 12 insertions(+), 23 deletions(-)

diff --git a/lib/puppet/provider/firewall/ip6tables.rb b/lib/puppet/provider/firewall/ip6tables.rb
index 3055d08..cc8ad61 100644
--- a/lib/puppet/provider/firewall/ip6tables.rb
+++ b/lib/puppet/provider/firewall/ip6tables.rb
@@ -78,7 +78,7 @@ Puppet::Type.type(:firewall).provide :ip6tables, :parent => :iptables, :source =
  # These are known booleans that do not take a value, but we want to munge
  # to true if they exist.
- @known_booleans = [:ishasmorefrags, :islastfrag, :isfirstfrag]
+ @known_booleans = [:ishasmorefrags, :islastfrag, :isfirstfrag, :rsource, :rdest, :reap, :rttl]
 
  # Create property methods dynamically
  (@resource_map.keys << :chain << :table << :action).each do |property|
diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 63b75fa..a6df9c5 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -92,7 +92,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
  # These are known booleans that do not take a value, but we want to munge
  # to true if they exist.
- @known_booleans = [:socket, :isfragment]
+ @known_booleans = [:socket, :isfragment, :rsource, :rdest, :reap, :rttl]
 
  # Create property methods dynamically
@@ -202,12 +202,6 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
  # the actual rule will have the ! mark before the option.
  values = values.sub(/(!)\s*(-\S+)\s*(\S*)/, '\2 "\1 \3"')
 
- # rsource, rdest, reap and rttl take no values. Cheat by adding "" after them.
- values = values.sub(/--rsource/, '--rsource ""')
- values = values.sub(/--rdest/, '--rdest ""')
- values = values.sub(/--reap/, '--reap ""')
- values = values.sub(/--rttl/, '--rttl ""')
-
  # Trick the system for booleans
  @known_booleans.each do |bool|
  # append "true" because all params are expected to have values
@@ -387,18 +381,6 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
  next
  end
  end
- if res == :rsource then
- resource_value = nil
- end
- if res == :rdest then
- resource_value = nil
- end
- if res == :reap then
- resource_value = nil
- end
- if res == :rttl then
- resource_value = nil
- end
  elsif res == :jump and resource[:action] then
  # In this case, we are substituting jump for action
  resource_value = resource[:action].to_s.upcase
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 7ef0cf0..b7f2deb 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -698,7 +698,12 @@ Puppet::Type.newtype(:firewall) do
  newproperty(:recent, :required_features => :recent_limiting) do
  desc <<-EOS
  Enable the recent module. Takes as an argument one of set, update,
- rcheck or remove.
+ rcheck or remove. For example:
+
+ recent => 'update',
+ rseconds => 60,
+ rhitcount => 4,
+ rsource => true,
  EOS
  newvalues(:set, :update, :rcheck, :remove)
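Review bot: The removed comment was the only place in this method that recorded why the four recent-module flags are value-less; after the change that fact lives only in the `@known_booleans` lists, which are initialised in another hunk and duplicated across the iptables and ip6tables providers. A one-line comment above the loop would keep the parsing path readable, e.g. `# Value-less flags (socket, isfragment and the -m recent flags rsource/rdest/reap/rttl) are listed in @known_booleans and get "true" appended here.` The removed substitutions used `sub`, i.e. first match only; whether the boolean loop below has the same single-match behaviour is not visible in this hunk. The enclosing method starts and ends outside the hunk.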
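Review bot: With the `resource_value = nil` overrides gone, whatever value the catalog carries for rsource, rdest, reap and rttl now reaches the generic argument assembly below, and nothing in this hunk shows that a value other than true is suppressed rather than emitted as a token after the flag; the type side of this patch only documents "Must be boolean true" without restricting the accepted values. A spec that builds a rule from `rsource => true` and asserts `--rsource` is emitted with no following value, plus one for `rsource => false` asserting the flag is absent, would pin the new behaviour; if false is not meaningful the type should reject it instead. The enclosing `if`/`elsif` chain and its method begin and end outside the hunk.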
@@ -710,14 +715,14 @@ Puppet::Type.newtype(:firewall) do
  newproperty(:rdest, :required_features => :recent_limiting) do
  desc <<-EOS
  Recent module; add the destination IP address to the list.
- Takes no argument.
+ Must be boolean true.
  EOS
  end
 
  newproperty(:rsource, :required_features => :recent_limiting) do
  desc <<-EOS
  Recent module; add the source IP address to the list.
- Takes no argument.
+ Must be boolean true.
  EOS
  end
 
@@ -740,6 +745,7 @@ Puppet::Type.newtype(:firewall) do
  desc <<-EOS
  Recent module; can only be used in conjunction with --seconds.
  When used, this will cause entries older then 'seconds' to be purged.
+ Must be boolean true.
  EOS
  end
 
@@ -761,6 +767,7 @@ Puppet::Type.newtype(:firewall) do
  useful if you have problems with people faking their source address
  in order to DoS you via this module by disallowing others access to
  your site by sending bogus packets to you.
+ Must be boolean true.
  EOS
  end
 
-- 
2.45.2
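Review bot: The new desc text for rdest and rsource states "Must be boolean true", but neither property declares accepted values, so the type still accepts any string or false and hands it to the provider unchanged; the same applies to the reap and rttl descriptions in the two following hunks. Adding `newvalues(:true, :false)` to each of the four properties, as the `recent` property already does with `newvalues(:set, :update, :rcheck, :remove)`, would enforce the documented contract at catalog compile time, provided the providers' boolean handling accepts the munged symbol. For reap and rttl the newproperty lines lie outside their hunks, so I cannot see whether they already restrict values.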