Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

enable eb-family for all relevant firewalld-types #299

Merged
merged 1 commit into from
Sep 19, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -636,7 +636,7 @@ firewalld::direct_chains:
#### Parameters (Firewalld Direct Chains)

* `name`: name of the chain, eg `LOG_DROPS` (namevar)
* `inet_protocol`: ipv4 or ipv6, defaults to ipv4 (namevar)
* `inet_protocol`: ipv4, ipv6 or eb, defaults to ipv4 (namevar)
* `table`: The table (eg: filter) to apply the chain (namevar)

### Firewalld Direct Rules
Expand Down Expand Up @@ -674,7 +674,7 @@ firewalld::direct_rules:

* `name`: Resource name in Puppet
* `ensure`: present or absent
* `inet_protocol`: ipv4 or ipv6, defaults to ipv4
* `inet_protocol`: ipv4, ipv6 or eb, defaults to ipv4
* `table`: Table (eg: filter) which to apply the rule
* `chain`: Chain (eg: OUTPUT) which to apply the rule
* `priority`: The priority number of the rule (e.g: 0, 1, 2, ... 99)
Expand Down Expand Up @@ -709,7 +709,7 @@ firewalld::direct_passthroughs:

* `name`: Resource name in Puppet
* `ensure`: present or absent
* `inet_protocol`: ipv4 or ipv6, defaults to ipv4
* `inet_protocol`: ipv4, ipv6 or eb, defaults to ipv4
* `args`: Name of the passthroughhrough to add (e.g:
-A OUTPUT -j OUTPUT_filter)

Expand Down
16 changes: 8 additions & 8 deletions REFERENCE.md
Original file line number Diff line number Diff line change
Expand Up @@ -490,11 +490,11 @@ The following parameters are available in the `firewalld_direct_chain` type.

##### <a name="-firewalld_direct_chain--inet_protocol"></a>`inet_protocol`

Valid values: `ipv4`, `ipv6`
Valid values: `ipv4`, `ipv6`, `eb`

namevar

Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)
Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)

Default value: `ipv4`

Expand Down Expand Up @@ -559,9 +559,9 @@ Name of the passthroughhrough to add (e.g: -A OUTPUT -j OUTPUT_filter)

##### <a name="-firewalld_direct_passthrough--inet_protocol"></a>`inet_protocol`

Valid values: `ipv4`, `ipv6`
Valid values: `ipv4`, `ipv6`, `eb`

Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)
Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)

Default value: `ipv4`

Expand Down Expand Up @@ -669,9 +669,9 @@ Name of the chain type to add (e.g: INPUT, OUTPUT, FORWARD)

##### <a name="-firewalld_direct_rule--inet_protocol"></a>`inet_protocol`

Valid values: `ipv4`, `ipv6`
Valid values: `ipv4`, `ipv6`, `eb`

Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)
Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)

Default value: `ipv4`

Expand Down Expand Up @@ -1043,9 +1043,9 @@ Specify destination address, this can be a string of the IP address or a hash co

##### <a name="-firewalld_rich_rule--family"></a>`family`

Valid values: `ipv4`, `ipv6`
Valid values: `ipv4`, `ipv6`, `eb`

IP family, one of ipv4 or ipv6, defauts to ipv4
IP family, one of ipv4, ipv6 or eb, defauts to ipv4

Default value: `ipv4`

Expand Down
4 changes: 2 additions & 2 deletions lib/puppet/type/firewalld_direct_chain.rb
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,8 @@ def self.title_patterns
end

newparam(:inet_protocol) do
desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)'
newvalues('ipv4', 'ipv6')
desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)'
newvalues('ipv4', 'ipv6', 'eb')
defaultto('ipv4')
munge(&:to_s)
isnamevar
Expand Down
4 changes: 2 additions & 2 deletions lib/puppet/type/firewalld_direct_passthrough.rb
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@
end

newparam(:inet_protocol) do
desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)'
newvalues('ipv4', 'ipv6')
desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)'
newvalues('ipv4', 'ipv6', 'eb')
defaultto('ipv4')
munge(&:to_s)
end
Expand Down
4 changes: 2 additions & 2 deletions lib/puppet/type/firewalld_direct_rule.rb
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@
end

newparam(:inet_protocol) do
desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)'
newvalues('ipv4', 'ipv6')
desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)'
newvalues('ipv4', 'ipv6', 'eb')
defaultto('ipv4')
munge(&:to_s)
end
Expand Down
4 changes: 2 additions & 2 deletions lib/puppet/type/firewalld_rich_rule.rb
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,8 @@
end

newparam(:family) do
desc 'IP family, one of ipv4 or ipv6, defauts to ipv4'
newvalues(:ipv4, :ipv6)
desc 'IP family, one of ipv4, ipv6 or eb, defauts to ipv4'
newvalues(:ipv4, :ipv6, :eb)
defaultto :ipv4
munge(&:to_s)
end
Expand Down
26 changes: 26 additions & 0 deletions spec/unit/puppet/type/firewalld_direct_rule_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,32 @@
end
end

describe 'eb protocol' do
let(:resource) do
described_class.new(
name: 'disable vnet stp',
ensure: 'present',
inet_protocol: 'eb',
table: 'filter',
chain: 'FORWARD',
priority: 10,
args: '-i vnet+ -d BGA -j DROP'
)
end

let(:provider) { resource.provider }

it 'creates' do
provider.expects(:execute_firewall_cmd).with(['--direct', '--add-rule', ['eb', 'filter', 'FORWARD', '10', '-i', 'vnet+', '-d', 'BGA', '-j', 'DROP']], nil)
provider.create
end

it 'destroys' do
provider.expects(:execute_firewall_cmd).with(['--direct', '--remove-rule', ['eb', 'filter', 'FORWARD', '10', '-i', 'vnet+', '-d', 'BGA', '-j', 'DROP']], nil)
provider.destroy
end
end

context 'autorequires' do
# rubocop:disable RSpec/InstanceVariable
before do
Expand Down