From d7948c2e797a2cacd54ec27a7a145e66b84ac094 Mon Sep 17 00:00:00 2001
From: Mark Nejedlo <Mark.Nejedlo@tdstelecom.com>
Date: Mon, 1 Jun 2020 14:01:44 -0500
Subject: [PATCH] add string_hex to ip6tables provider. MODULES-10684

---
 lib/puppet/provider/firewall/ip6tables.rb  | 3 ++-
 spec/fixtures/ip6tables/conversion_hash.rb | 8 ++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/puppet/provider/firewall/ip6tables.rb b/lib/puppet/provider/firewall/ip6tables.rb
index 702072c..23b0e9b 100644
--- a/lib/puppet/provider/firewall/ip6tables.rb
+++ b/lib/puppet/provider/firewall/ip6tables.rb
@@ -164,6 +164,7 @@ Puppet::Type.type(:firewall).provide :ip6tables, parent: :iptables, source: :ip6
     stat_probability: '--probability',
     state: '-m state --state',
     string: '-m string --string',
+    string_hex: '-m string --hex-string',
     string_algo: '--algo',
     string_from: '--from',
     string_to: '--to',
@@ -298,7 +299,7 @@ Puppet::Type.type(:firewall).provide :ip6tables, parent: :iptables, source: :ip6
                     :ctstate, :ctproto, :ctorigsrc, :ctorigdst, :ctreplsrc, :ctrepldst,
                     :ctorigsrcport, :ctorigdstport, :ctreplsrcport, :ctrepldstport, :ctstatus, :ctexpire, :ctdir,
                     :icmp, :hop_limit, :limit, :burst, :length, :recent, :rseconds, :reap,
-                    :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :string, :string_algo,
+                    :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :string, :string_hex, :string_algo,
                     :string_from, :string_to, :jump, :nflog_group, :nflog_prefix, :nflog_range, :nflog_threshold, :clamp_mss_to_pmtu, :gateway, :todest,
                     :tosource, :toports, :checksum_fill, :log_level, :log_prefix, :log_uid, :log_tcp_sequence, :log_tcp_options, :log_ip_options,
                     :reject, :set_mss, :set_dscp, :set_dscp_class, :mss, :queue_num, :queue_bypass,
diff --git a/spec/fixtures/ip6tables/conversion_hash.rb b/spec/fixtures/ip6tables/conversion_hash.rb
index 0e8d420..844bfac 100644
--- a/spec/fixtures/ip6tables/conversion_hash.rb
+++ b/spec/fixtures/ip6tables/conversion_hash.rb
@@ -34,6 +34,14 @@ ARGS_TO_HASH6 = {
       dport: ['546'],
     },
   },
+  'hexstring_matching_1' => {
+    line: '-A INPUT -m string --hex-string "|0000FF0001|" --algo bm',
+    table: 'filter',
+    params: {
+      string_hex: '|0000FF0001|',
+      string_algo: 'bm',
+    },
+  }
 }.freeze
 
 # This hash is for testing converting a hash to an argument line.
-- 
2.45.2