From 6c6ff4e9f843db9ebf3700108bbce56fed7cd351 Mon Sep 17 00:00:00 2001
From: Lei Zhang
Date: Fri, 5 Jul 2013 14:56:33 +0930
Subject: [PATCH] (#215) Add support for IP range

Add support for filtering by source and destination IP range, equivalent to '-m iprange --src-range|--dst-range', which is only allowing a specified IP range. Excluding an IP range, '! --src-range or ! --dst-range', is not supported. Add ':src_range' and ':dst_range' to iptables.rb
---
 lib/puppet/provider/firewall/iptables.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 19dd8b3..1e8617e 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -23,6 +23,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 has_feature :isfragment
 has_feature :socket
 has_feature :address_type
+ has_feature :iprange
 
 optional_commands({
 :iptables => 'iptables',
@@ -44,6 +45,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 :burst => "--limit-burst",
 :destination => "-d",
 :dst_type => "-m addrtype --dst-type",
+ :dst_range => "-m iprange --dst-range",
 :dport => ["-m multiport --dports", "-m (udp|tcp) --dport"],
 :gid => "-m owner --gid-owner",
 :icmp => "-m icmp --icmp-type",
@@ -61,6 +63,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 :socket => "-m socket",
 :source => "-s",
 :src_type => "-m addrtype --src-type",
+ :src_range => "-m iprange --src-range",
 :sport => ["-m multiport --sports", "-m (udp|tcp) --sport"],
 :state => "-m state --state",
 :table => "-t",
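Review bot: The two new map entries `:dst_range => "-m iprange --dst-range"` and `:src_range => "-m iprange --src-range"` carry no record of the limitation the commit message states, namely that the negated form (`! --src-range` / `! --dst-range`) is deliberately unsupported; I would put that next to the entries so the next reader does not try to parse it: `# negation ('! --src-range') is not supported; see #215`. If these strings are also what the provider uses to read rules back from `iptables-save` output (the `-m (udp|tcp) --dport` alternation two entries below suggests the map doubles as a match pattern), a pre-existing rule written with `! --src-range` would presumably be read as the plain form and rewritten on every run, which is worth a test or an explicit skip. The hash these entries belong to starts and ends outside the hunks. The `has_feature :iprange` line in the first hunk presumes a matching `feature :iprange` declaration and `newparam(:src_range)` / `newparam(:dst_range)` with range-format validation in the type, which this patch does not include, so until those land the values reach the `-m iprange` argument unchecked.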
@@ -88,7 +91,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 # we need it to properly parse and apply rules, if the order of resource
 # changes between puppet runs, the changed rules will be re-applied again.
 # This order can be determined by going through iptables source code or just tweaking and trying manually
- @resource_list = [:table, :source, :destination, :iniface, :outiface,
+ @resource_list = [:table, :source, :src_range, :destination, :dst_range, :iniface, :outiface,
 :proto, :isfragment, :tcp_flags, :gid, :uid, :sport, :dport, :port, :dst_type, :src_type, :socket, :pkttype, :name, :state, :icmp, :limit, :burst, :jump, :todest, :tosource, :toports, :log_prefix,
-- 
2.45.2
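Review bot: Placing `:src_range` directly after `:source` and `:dst_range` directly after `:destination` in `@resource_list` may not match the order in which `iptables-save` prints them: the comment above the list says the order must follow iptables output or rules get re-applied on every run, and match-extension options such as `-m iprange` are, as far as I recall, printed after the built-in `-s/-d/-i/-o/-p/-f` matches rather than interleaved with them. Worth checking against real `iptables-save` output for a rule that uses both `-s` and `--src-range`; if that is the case the new entries belong after `:isfragment`, e.g. `:proto, :isfragment, :src_range, :dst_range, :tcp_flags, …`. The assignment continues past the hunk (the list is not closed within it).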