From ff01ca58d4bd68c80676d42e08f03cad4d2c1945 Mon Sep 17 00:00:00 2001
From: Ken Barber
Date: Fri, 22 Feb 2013 15:08:19 +0000
Subject: [PATCH] Added type for socket
Signed-off-by: Ken Barber
---
 lib/puppet/type/firewall.rb | 10 ++++++++++
 spec/fixtures/iptables/conversion_hash.rb | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 06b82fc..942120b 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -34,6 +34,7 @@ Puppet::Type.newtype(:firewall) do
 feature :mark, "Set the netfilter mark value associated with the packet"
 feature :tcp_flags, "The ability to match on particular TCP flag settings"
 feature :pkttype, "Match a packet type"
+ feature :socket, "Match open sockets"
 
 # provider specific features
 feature :iptables, "The provider provides iptables features."
@@ -535,6 +536,15 @@ Puppet::Type.newtype(:firewall) do
 newvalues(:unicast, :broadcast, :multicast)
 end
 
+ newproperty(:socket, :required_features => :socket) do
+ desc <<-EOS
+ If true, matches if an open socket can be found by doing a coket lookup
+ on the packet.
+ EOS
+
+ newvalues(:true, :false)
+ end
+
 newparam(:line) do
 desc <<-EOS
 Read-only property for caching the rule line.
diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb
index f416462..294e4a1 100644
--- a/spec/fixtures/iptables/conversion_hash.rb
+++ b/spec/fixtures/iptables/conversion_hash.rb
@@ -660,6 +660,6 @@ HASH_TO_ARGS = {
 :chain => 'PREROUTING',
 :socket => true,
 },
- :args => ['-t', :mangle, '-m', 'socket', '-j', 'ACCEPT'],
+ :args => ['-t', :mangle, '-p', :tcp, '-m', 'socket', '-m', 'comment', '--comment', '050 socket option', '-j', 'ACCEPT'],
 },
 }
-- 
2.45.2
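Review bot: The `desc` heredoc of the new `socket` property misspells "socket" as `coket lookup`, and it documents only the `true` case although `newvalues(:true, :false)` also accepts `false`. This string is the user-facing documentation for a firewall rule attribute, so I would write it as `If true, matches if an open socket can be found by doing a socket lookup on the packet. If false or unset, no socket match is added to the rule.` That second sentence assumes the provider simply omits the match for `false`; the provider mapping is not part of this patch, so please confirm that `false` is never rendered as a negated match, which would make the rule apply to far more traffic than a reader of the manifest expects. The property is also gated on `:required_features => :socket`, so it only becomes usable with a provider that declares that feature, which is likewise not visible here.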
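Review bot: The corrected `:args` expectation still covers only `:socket => true`, so nothing in this fixture pins what a rule with `:socket => false` renders to. A second HASH_TO_ARGS entry with `:socket => false` whose `:args` contain no `'-m', 'socket'` would catch a provider regression that starts emitting the match for the false value. The entry's `:params` begin outside this hunk, so the added `'-p', :tcp` and comment arguments are presumably derived from `:proto` and `:name` there. Whether the reverse direction (parsing `-m socket` back into `:socket => true`) has a fixture cannot be seen from this patch and is worth checking.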