From 7ec314ee5915b5576742ffa59586eccff59308be Mon Sep 17 00:00:00 2001
From: Jan Vansteenkiste <jan@vstone.eu>
Date: Wed, 22 Aug 2012 17:14:57 +0200
Subject: [PATCH] Use host_to_mask so we can negate a mask. Also added
 documentation.

A custom provider should probably be aware that these kind of masks are possible.
---
 lib/puppet/type/firewall.rb | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index f887194..ec14e7f 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -107,12 +107,16 @@ Puppet::Type.newtype(:firewall) do
 
           source => '192.168.2.0/24'
 
+      You can also negate a mask by putting ! in front. For example:
+
+          source => '! 192.168.2.0/24'
+
       The source can also be an IPv6 address if your provider supports it.
     EOS
 
     munge do |value|
       begin
-        @resource.host_to_ip(value)
+        @resource.host_to_mask(value)
       rescue Exception => e
         self.fail("host_to_ip failed for #{value}, exception #{e}")
       end
@@ -138,12 +142,16 @@ Puppet::Type.newtype(:firewall) do
 
           destination => '192.168.1.0/24'
 
+      You can also negate a mask by putting ! in front. For example:
+
+          destination  => '! 192.168.2.0/24'
+
       The destination can also be an IPv6 address if your provider supports it.
     EOS
 
     munge do |value|
       begin
-        @resource.host_to_ip(value)
+        @resource.host_to_mask(value)
       rescue Exception => e
         self.fail("host_to_ip failed for #{value}, exception #{e}")
       end
-- 
2.45.2