From d1189759160774a91c85bf4998ac1d2394ce7b31 Mon Sep 17 00:00:00 2001
From: Jonathan Tripathy
Date: Wed, 6 May 2015 18:33:18 +0100
Subject: [PATCH] MSS test fixes

---
 lib/puppet/type/firewall.rb | 2 +-
 spec/acceptance/firewall_mss_spec.rb | 69 ++++++++++++++++++++++++++++
 spec/acceptance/firewall_spec.rb | 57 -----------------------
 3 files changed, 70 insertions(+), 58 deletions(-)
 create mode 100644 spec/acceptance/firewall_mss_spec.rb

diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index f6c723b..637c0c6 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -1305,7 +1305,7 @@ Puppet::Type.newtype(:firewall) do
 
 if value(:jump).to_s == "TCPMSS"
 unless value(:set_mss)
- self.fail "Parameter jump => TCPMSS set_mss is required"
+ self.fail "When using jump => TCPMSS, the set_mss property is required"
 end
 end
 
diff --git a/spec/acceptance/firewall_mss_spec.rb b/spec/acceptance/firewall_mss_spec.rb
new file mode 100644
index 0000000..3798015
--- /dev/null
+++ b/spec/acceptance/firewall_mss_spec.rb
@@ -0,0 +1,69 @@
+require 'spec_helper_acceptance'
+
+describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ before(:all) do
+ shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
+ shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
+ end
+
+ describe 'set_mss' do
+ context '1360' do
+ it 'applies' do
+ pp = <<-EOS
+ class { '::firewall': }
+ firewall {
+ '502 - set_mss':
+ proto => 'tcp',
+ tcp_flags => 'SYN,RST SYN',
+ jump => 'TCPMSS',
+ set_mss => '1360',
+ mss => '1361:1541',
+ chain => 'FORWARD',
+ table => 'mangle',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ it 'should contain the rule' do
+ shell('iptables-save -t mangle') do |r|
+ expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/)
+ end
+ end
+ end
+ end
+
+ if default['platform'] !~ /el-5/
+ describe 'set_mss6' do
+ context '1360' do
+ it 'applies' do
+ pp = <<-EOS
+ class { '::firewall': }
+ firewall {
+ '502 - set_mss':
+ proto => 'tcp',
+ tcp_flags => 'SYN,RST SYN',
+ jump => 'TCPMSS',
+ set_mss => '1360',
+ mss => '1361:1541',
+ chain => 'FORWARD',
+ table => 'mangle',
+ provider => 'ip6tables',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ it 'should contain the rule' do
+ shell('ip6tables-save -t mangle') do |r|
+ expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/)
+ end
+ end
+ end
+ end
+ end
+
+end
diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb
index 505ef6e..3509ef8 100644
--- a/spec/acceptance/firewall_spec.rb
+++ b/spec/acceptance/firewall_spec.rb
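Review bot: In spec/acceptance/firewall_mss_spec.rb both `applies` examples run `apply_manifest(pp, :catch_failures => true)` once and never assert idempotency, so a rule that Puppet re-applies on every run (for example because `--mss` or `--set-mss` is read back in a different form) would still pass; a second `apply_manifest(pp, :catch_changes => true)` in each example would cover that. The `before(:all)` flushes chain their commands with `;`, so `shell` only sees the exit status of the last flush in each call and an earlier failure goes unnoticed; if that is deliberate best-effort cleanup, a short comment saying so would help. The `if default['platform'] !~ /el-5/` guard around `set_mss6` also lacks a comment stating why that platform is skipped.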
@@ -892,63 +892,6 @@ describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfami
 end
 end
 
- describe 'set_mss' do
- context '1360' do
- it 'applies' do
- pp = <<-EOS
- class { '::firewall': }
- firewall {
- '502 - set_mss':
- proto => 'tcp',
- tcp_flags => 'SYN,RST SYN',
- jump => 'TCPMSS',
- set_mss => '1360',
- mss => '1361:1541',
- chain => 'FORWARD',
- table => 'mangle',
- }
- EOS
-
- apply_manifest(pp, :catch_failures => true)
- end
-
- it 'should contain the rule' do
- shell('iptables-save -t mangle') do |r|
- expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/)
- end
- end
- end
- end
-
- describe 'set_mss6' do
- context '1360' do
- it 'applies' do
- pp = <<-EOS
- class { '::firewall': }
- firewall {
- '502 - set_mss':
- proto => 'tcp',
- tcp_flags => 'SYN,RST SYN',
- jump => 'TCPMSS',
- set_mss => '1360',
- mss => '1361:1541',
- chain => 'FORWARD',
- table => 'mangle',
- provider => 'ip6tables',
- }
- EOS
-
- apply_manifest(pp, :catch_failures => true)
- end
-
- it 'should contain the rule' do
- shell('ip6tables-save -t mangle') do |r|
- expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/)
- end
- end
- end
- end
-
 # RHEL5 does not support --random
 if default['platform'] !~ /el-5/
 describe 'random' do
--
2.45.2