diff options
| author | Thore Bödecker <me@foxxx0.de> | 2020-06-25 17:44:26 +0200 |
|---|---|---|
| committer | Thore Bödecker <me@foxxx0.de> | 2020-06-25 18:40:52 +0200 |
| commit | 945faf68871dfdb9f9521cdadcdecfef65634d4b (patch) | |
| tree | 14025202a7da81c7e29f18b02d770dd7e7346a7d | |
| parent | 840e99f57957059362b387ded299e8dddb6b475c (diff) | |
| download | puppet-ferm-945faf68871dfdb9f9521cdadcdecfef65634d4b.tar.gz puppet-ferm-945faf68871dfdb9f9521cdadcdecfef65634d4b.tar.bz2 | |
use verbose multiport syntax for better compat
The dports/sports shortcut is only supported starting with ferm v2.5 which
was released very recently.
In order to support a wider range of distributions and ferm versions,
this commits switches to the more verbose version of the multiport
features.
| -rw-r--r-- | manifests/rule.pp | 4 | ||||
| -rw-r--r-- | spec/defines/rule_spec.rb | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/manifests/rule.pp b/manifests/rule.pp index 458bef6..e44d04a 100644 --- a/manifests/rule.pp +++ b/manifests/rule.pp @@ -98,7 +98,7 @@ define ferm::rule ( # ferm supports implicit multiport using the "dports" shortcut if $dport =~ Array { $dports = join($dport, ' ') - $dport_real = "dports (${dports})" + $dport_real = "mod multiport destination-ports (${dports})" } elsif $dport =~ Integer { $dport_real = "dport ${dport}" } else { @@ -108,7 +108,7 @@ define ferm::rule ( # ferm supports implicit multiport using the "sports" shortcut if $sport =~ Array { $sports = join($sport, ' ') - $sport_real = "sports (${sports})" + $sport_real = "mod multiport source-ports (${sports})" } elsif $sport =~ Integer { $sport_real = "sport ${sport}" } else { diff --git a/spec/defines/rule_spec.rb b/spec/defines/rule_spec.rb index f1887b6..b2a2abd 100644 --- a/spec/defines/rule_spec.rb +++ b/spec/defines/rule_spec.rb @@ -127,7 +127,7 @@ describe 'ferm::rule', type: :define do end it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_concat__fragment('INPUT-filter-consul').with_content("mod comment comment 'filter-consul' proto (tcp udp) dports (8301 8302) saddr @ipfilter((127.0.0.1)) ACCEPT;\n") } + it { is_expected.to contain_concat__fragment('INPUT-filter-consul').with_content("mod comment comment 'filter-consul' proto (tcp udp) mod multiport destination-ports (8301 8302) saddr @ipfilter((127.0.0.1)) ACCEPT;\n") } it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') } it { is_expected.to contain_concat__fragment('filter-FORWARD-config-include') } it { is_expected.to contain_concat__fragment('filter-OUTPUT-config-include') } |