From 849706eeb672f21f8c74b3d1e683b15ead4c4293 Mon Sep 17 00:00:00 2001
From: Morten Brekkevold
Date: Wed, 17 Feb 2016 13:07:24 +0100
Subject: [PATCH] Add ip protocol to puppetlabs-firewall
---
 README.markdown | 1 +
 lib/puppet/type/firewall.rb | 2 +-
 spec/unit/puppet/type/firewall_spec.rb | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/README.markdown b/README.markdown
index 26467e0..baf784f 100644
--- a/README.markdown
+++ b/README.markdown
@@ -628,6 +628,7 @@ firewall { '999 this runs last':
 * `port`: *DEPRECATED* Using the unspecific 'port' parameter can lead to firewall rules that are unexpectedly too lax. It is recommended to always use the specific dport and sport parameters to avoid this ambiguity. The destination or source port to match for this filter (if the protocol supports ports). Will accept a single element or an array. For some firewall providers you can pass a range of ports in the format: 'start number-end number'. For example, '1-1024' would cover ports 1 to 1024.
 * `proto`: The specific protocol to match for this rule. This is 'tcp' by default. Valid values are:
+ * 'ip'
 * 'tcp'
 * 'udp'
 * 'icmp'
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 4073d6c..2529d19 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -369,7 +369,7 @@ Puppet::Type.newtype(:firewall) do
 *tcp*.
 EOS
- newvalues(*[:tcp, :udp, :icmp, :"ipv6-icmp", :esp, :ah, :vrrp, :igmp, :ipencap, :ipv4, :ipv6, :ospf, :gre, :cbt, :sctp, :pim, :all].collect do |proto|
+ newvalues(*[:ip, :tcp, :udp, :icmp, :"ipv6-icmp", :esp, :ah, :vrrp, :igmp, :ipencap, :ipv4, :ipv6, :ospf, :gre, :cbt, :sctp, :pim, :all].collect do |proto|
 [proto, "! #{proto}".to_sym]
 end.flatten)
 defaultto "tcp"
diff --git a/spec/unit/puppet/type/firewall_spec.rb b/spec/unit/puppet/type/firewall_spec.rb
index 3e4804d..c5fdfd8 100755
--- a/spec/unit/puppet/type/firewall_spec.rb
+++ b/spec/unit/puppet/type/firewall_spec.rb
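Review bot: The `collect` in the lib/puppet/type/firewall.rb hunk builds a negated twin for every entry, so adding `:ip` also makes `:"! ip"` an accepted value, and neither form is explained anywhere in the change. As far as I know `ip` is protocol 0 in /etc/protocols and iptables treats 0 as equivalent to `all`, so `proto => 'ip'` would match every protocol rather than narrow the rule, and the negated form is likely to be rejected by iptables as a rule that can never match. The `desc` heredoc, which starts above this hunk, should say so, for example `'ip' is protocol 0 and matches every protocol, like 'all'; it cannot be negated.` It is also worth confirming that a provider which reads the rule back as `all` does not report a change on every run; the firewall_spec.rb hunk only checks that the type accepts the symbol.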
@@ -82,7 +82,7 @@ describe firewall do
 end
 describe ':proto' do
- [:tcp, :udp, :icmp, :esp, :ah, :vrrp, :igmp, :ipencap, :ipv4, :ipv6, :ospf, :gre, :pim, :all].each do |proto|
+ [:ip, :tcp, :udp, :icmp, :esp, :ah, :vrrp, :igmp, :ipencap, :ipv4, :ipv6, :ospf, :gre, :pim, :all].each do |proto|
 it "should accept proto value #{proto}" do
 @resource[:proto] = proto
 @resource[:proto].should == proto
-- 
2.45.2