Support --sport/--dport on ip6tables

xbezdick · Dec 29, 2014 · 946cf58 · 946cf58
1 parent 89e8471
commit 946cf58
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/lib/puppet/provider/firewall/ip6tables.rb b/lib/puppet/provider/firewall/ip6tables.rb
@@ -54,7 +54,7 @@ def self.iptables_save(*args)
     :connmark         => "-m connmark --mark",
     :ctstate          => "-m conntrack --ctstate",
     :destination      => "-d",
-    :dport            => "-m multiport --dports",
+    :dport            => ["-m multiport --dports", "--dport"],
     :gid              => "-m owner --gid-owner",
     :hop_limit        => "-m hl --hl-eq",
     :icmp             => "-m icmp6 --icmpv6-type",
@@ -81,7 +81,7 @@ def self.iptables_save(*args)
     :rsource          => "--rsource",
     :rttl             => "--rttl",
     :source           => "-s",
-    :sport            => "-m multiport --sports",
+    :sport            => ["-m multiport --sports", "--sport"],
     :stat_every       => '--every',
     :stat_mode        => "-m statistic --mode",
     :stat_packet      => '--packet',

diff --git a/spec/fixtures/ip6tables/conversion_hash.rb b/spec/fixtures/ip6tables/conversion_hash.rb
@@ -24,6 +24,16 @@
       :destination => '2001:db8:4321::/48',
     },
   },
+  'udp_source_port_and_destination_port' => {
+    :line => '-A ufw6-before-input -s fe80::/10 -d fe80::/10 -p udp -m udp --sport 547 --dport 546 -j ACCEPT',
+    :table => 'filter',
+    :provider => 'ip6tables',
+    :params => {
+      :proto => 'udp',
+      :sport => ['547'],
+      :dport => ['546'],
+    },
+  }
 }
 
 # This hash is for testing converting a hash to an argument line.