-rw-r--r-- | REFERENCE.md | 2 | ||||
-rw-r--r-- | manifests/rule.pp | 6 | ||||
-rw-r--r-- | spec/defines/rule_spec.rb | 19 | ||||
-rw-r--r-- | types/protocols.pp | 5 |
4 files changed, 28 insertions, 4 deletions
diff --git a/REFERENCE.md b/REFERENCE.md
index 33327c5..62a5d3b 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -420,7 +420,7 @@ Alias of `Enum['ACCEPT', 'DROP']`
 a list of allowed protocolls to match
-Alias of `Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all']`
+Alias of `Variant[Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all'], Array[Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all']]]`
 ### Ferm::Tables
diff --git a/manifests/rule.pp b/manifests/rule.pp
index 4f2c985..a973601 100644
--- a/manifests/rule.pp
+++ b/manifests/rule.pp
@@ -73,8 +73,10 @@ define ferm::rule (
 Ferm::Chain <| chain == $action_temp and table == $table |> -> Ferm::Rule[$name] }
-
- $proto_real = "proto ${proto}"
+ $proto_real = $proto ? {
+ Array => "proto (${join($proto, ' ')})",
+ String => "proto ${proto}",
+ }
 $dport_real = $dport ? { undef => '',
diff --git a/spec/defines/rule_spec.rb b/spec/defines/rule_spec.rb
index ef20e17..33ce169 100644
--- a/spec/defines/rule_spec.rb
+++ b/spec/defines/rule_spec.rb
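Review bot: In manifests/rule.pp the `Array` arm of the new `$proto_real` selector joins whatever the array holds, and the widened `Ferm::Protocols` in types/protocols.pp also admits an empty array, which would render as `proto ()`. What ferm does with an empty list is not visible on this page, so a firewall rule should not depend on it; rejecting it at compile time by giving the array a minimum length, `Array[Enum[...], 1]`, keeps a rule from being generated with no protocol match at all. The array form also lets `'all'` be combined with concrete protocols, which may deserve a check or a sentence in the `proto` parameter documentation. The body of `ferm::rule` starts before and continues after this hunk.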
@@ -114,6 +114,25 @@ describe 'ferm::rule', type: :define do
 it { is_expected.to contain_concat__fragment('INPUT-eth0-zzz').with_content("}\n") } end
+ context 'without a specific interface using array for proto' do
+ let(:title) { 'filter-consul' }
+ let :params do
+ {
+ chain: 'INPUT',
+ action: 'ACCEPT',
+ proto: %w[tcp udp],
+ dport: '(8301 8302)',
+ saddr: '127.0.0.1'
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_concat__fragment('INPUT-filter-consul').with_content("mod comment comment 'filter-consul' proto (tcp udp) dport (8301 8302) saddr @ipfilter((127.0.0.1)) ACCEPT;\n") }
+ it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') }
+ it { is_expected.to contain_concat__fragment('filter-FORWARD-config-include') }
+ it { is_expected.to contain_concat__fragment('filter-OUTPUT-config-include') }
+ end
+
 context 'with jumping to custom chains' do # create custom chain let(:pre_condition) do
diff --git a/types/protocols.pp b/types/protocols.pp
index ee3ac2b..cdd76b2 100644
--- a/types/protocols.pp
+++ b/types/protocols.pp
@@ -1,2 +1,5 @@
 # @summary a list of allowed protocolls to match
-type Ferm::Protocols = Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all']
+type Ferm::Protocols = Variant[
+ Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all'],
+ Array[Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all']],
+] |
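Review bot: The added context in spec/defines/rule_spec.rb covers only the two-element case `proto: %w[tcp udp]`; a one-element array, an empty array and an array with a value outside the enum are not pinned. Because the rendered string becomes a firewall rule, negative cases are worth adding, e.g. a context with `proto: %w[tcp bogus]` asserting `it { is_expected.to compile.and_raise_error(%r{proto}) }`. An equivalent `proto: []` case would only fail compilation once the type requires at least one element. The surrounding `describe` block starts and ends outside the hunk.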
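Review bot: The protocol list in types/protocols.pp is now spelled out twice inside the `Variant`, so a protocol added to or removed from one copy but not the other would make scalar and array validation disagree. Naming the list once avoids that, for example a separate alias for the single-protocol `Enum` (placeholder name `Ferm::Protocol`) used here as `Variant[Ferm::Protocol, Array[Ferm::Protocol]]`, with REFERENCE.md regenerated afterwards. The `@summary` line could also state that either one protocol or a list of protocols is accepted.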