Skip to content

Commit

Permalink
Merge pull request #454 from mhaskel/MODULES-1612
Browse files Browse the repository at this point in the history
MODULES-1612 - sync mac_source
  • Loading branch information
cmurphy committed Dec 30, 2014
2 parents 7b0b419 + 18bb1e3 commit e422c18
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 5 deletions.
11 changes: 6 additions & 5 deletions lib/puppet/provider/firewall/ip6tables.rb
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ def self.iptables_save(*args)
:log_level => "--log-level",
:log_prefix => "--log-prefix",
:name => "-m comment --comment",
:mac_source => ["-m mac --mac-source", "--mac-source"],
:outiface => "-o",
:pkttype => "-m pkttype --pkt-type",
:port => '-m multiport --ports',
Expand Down Expand Up @@ -141,10 +142,10 @@ def self.iptables_save(*args)
# not provided with current parser [georg.koester])
@resource_list = [:table, :source, :destination, :iniface, :outiface,
:proto, :ishasmorefrags, :islastfrag, :isfirstfrag, :src_range, :dst_range,
:tcp_flags, :gid, :uid, :sport, :dport, :port, :dst_type, :src_type,
:pkttype, :name, :state, :ctstate, :icmp, :hop_limit, :limit, :burst,
:recent, :rseconds, :reap, :rhitcount, :rttl, :rname, :rsource, :rdest,
:jump, :todest, :tosource, :toports, :log_level, :log_prefix, :reject,
:connlimit_above, :connlimit_mask, :connmark]
:tcp_flags, :gid, :uid, :mac_source, :sport, :dport, :port, :dst_type,
:src_type, :pkttype, :name, :state, :ctstate, :icmp, :hop_limit, :limit,
:burst, :recent, :rseconds, :reap, :rhitcount, :rttl, :rname, :rsource,
:rdest, :jump, :todest, :tosource, :toports, :log_level, :log_prefix,
:reject, :connlimit_above, :connlimit_mask, :connmark]

end
25 changes: 25 additions & 0 deletions spec/acceptance/firewall_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -1225,6 +1225,31 @@ class { '::firewall': }
end
end

describe 'mac_source' do
context '0A:1B:3C:4D:5E:6F' do
it 'applies' do
pp = <<-EOS
class { '::firewall': }
firewall { '604 - test':
ensure => present,
source => '2001:db8::1/128',
mac_source => '0A:1B:3C:4D:5E:6F',
chain => 'INPUT',
provider => 'ip6tables',
}
EOS

apply_manifest(pp, :catch_failures => true)
end

it 'should contain the rule' do
shell('ip6tables-save') do |r|
expect(r.stdout).to match(/-A INPUT -s 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "604 - test"/)
end
end
end
end

# ip6tables only support addrtype on a limited set of platforms
if default['platform'] =~ /el-7/ or default['platform'] =~ /debian-7/ or default['platform'] =~ /ubuntu-1404/
['dst_type', 'src_type'].each do |type|
Expand Down

0 comments on commit e422c18

Please sign in to comment.