
Commit 3f592aa

knackaronjonnytdevops
authored andcommitted
add physdev support
rebased from puppetlabs/puppetlabs-firewall#82
1 parent d7d3c56 commit 3f592aa

3 files changed

Lines changed: 21 additions & 0 deletions


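--- a/lib/puppet/provider/firewall/ip6tables.rb
+++ b/lib/puppet/provider/firewall/ip6tables.rb
@@ -119,6 +119,7 @@ def self.iptables_save(*args)
 :toports => "--to-ports",
 :tosource => "--to-source",
 :uid => "-m owner --uid-owner",
+:bridge => "-m physdev",
 }
 
 # These are known booleans that do not take a value, but we want to munge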
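Review bot: The `:bridge => "-m physdev"` entry carries only the match-module switch, so the physdev option itself comes entirely from the property value and this map no longer shows which flag ends up on the iptables command line; the same applies to the identical line added in lib/puppet/provider/firewall/iptables.rb. A short comment such as `# value supplies the physdev option, e.g. --physdev-is-bridged` would make that explicit. This is the only line changed in either provider, so if argument ordering and iptables-save parsing are driven by a separate list elsewhere in the file (not visible in this hunk), `:bridge` presumably needs an entry there as well, and a provider spec covering the round trip would confirm it.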

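--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -105,6 +105,7 @@
 :tosource => "--to-source",
 :to => "--to",
 :uid => "-m owner --uid-owner",
+:bridge => "-m physdev",
 }
 
 # These are known booleans that do not take a value, but we want to munge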

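--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -1033,6 +1033,19 @@ def should_to_s(value)
 newvalues(/^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$/i)
 end
 
+newproperty(:bridge, :required_features => :iptables) do
+desc <<-EOS
+Match if the packet is being bridged.
+EOS
+munge do |value|
+if ! value.to_s.start_with?("--")
+"--" + value.to_s
+else
+value
+end
+end
+end
+
 autorequire(:firewallchain) do
 reqs = []
 protocol = nil
@@ -1191,5 +1204,11 @@ def should_to_s(value)
 self.fail "Parameter 'stat_probability' requires 'stat_mode' to be set to 'random'"
 end
 
+if value(:bridged)
+unless value(:chain).to_s =~ /FORWARD/
+self.fail "Parameter isbridged only applies to the FORWARD chain"
+end
+end
+
 end
 end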
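Review bot: The validation added in the second hunk tests `value(:bridged)`, but the property defined in the first hunk is `:bridge`, and the error text uses a third spelling, `isbridged`; as written the guard looks like it can never fire, so a physdev rule on any chain would pass validation. Using the declared name, `if value(:bridge)`, and quoting it in the message, `self.fail "Parameter 'bridge' only applies to the FORWARD chain"`, would make the check live. The chain test `=~ /FORWARD/` is also unanchored and matches any chain name that merely contains FORWARD; if only the built-in chain is meant, `unless value(:chain).to_s == 'FORWARD'` is tighter. The enclosing validation block starts outside the hunk.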
