Merge pull request #271 from ananace/add-icmp-type
Add icmp-type support to rich rules
trevor-vaughan authored Apr 22, 2020
2 parents 5125849 + 4fe5e84 commit 07f9483
Showing 4 changed files with 24 additions and 3 deletions.
4 changes: 3 additions & 1 deletion lib/puppet/provider/firewalld_rich_rule/firewall_cmd.rb
@@ -44,7 +44,7 @@ def eval_dest
end

def elements
[:service, :port, :protocol, :icmp_block, :masquerade, :forward_port]
[:service, :port, :protocol, :icmp_block, :icmp_type, :masquerade, :forward_port]
end

def eval_element
@@ -59,6 +59,8 @@ def eval_element
args << quote_keyval('protocol', @resource[:port]['protocol'])
when :icmp_block
args << quote_keyval('name', @resource[:icmp_block])
when :icmp_type
args << quote_keyval('name', @resource[:icmp_type])
# when :masquerade
# `masquerade` doesn't accept any arguments.
when :forward_port
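Review bot: `elements` in this provider is a second hand-maintained copy of the list that lib/puppet/type/firewalld_rich_rule.rb also defines, and this commit has to add `:icmp_type` to both. If a later change updates only one copy, the type would presumably accept an element that `eval_element` never renders (or the reverse), which for a firewall resource means a rule that silently differs from the manifest. Assuming the type's `elements` is callable on the resource instance, the provider could delegate with `def elements; @resource.elements; end` so there is a single source of truth. `eval_element` begins and continues outside the visible hunk lines, so how it selects the element is inferred.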
6 changes: 5 additions & 1 deletion lib/puppet/type/firewalld_rich_rule.rb
@@ -77,6 +77,10 @@
desc 'Specify the element as an icmp-block'
end

newparam(:icmp_type) do
desc 'Specify the element as an icmp-type'
end

newparam(:masquerade) do
desc 'Specify the element as masquerade'
end
@@ -115,7 +119,7 @@ def _validate_action(value)
end

def elements
[:service, :port, :protocol, :icmp_block, :masquerade, :forward_port]
[:service, :port, :protocol, :icmp_block, :icmp_type, :masquerade, :forward_port]
end

validate do
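Review bot: `newparam(:icmp_type)` declares only a `desc`, so any string is accepted and later placed inside `icmp-type name="..."` in the rule text the provider builds. The quoting helper is not part of this diff, so whether an embedded double quote is escaped cannot be confirmed from here; constraining the value at the type is the cheaper guarantee. Adding `newvalues(%r{\A[\w-]+\z})` inside the block would reject quotes and whitespace before firewall-cmd is invoked (widen the pattern if site-defined ICMP type names use other characters). The neighbouring `icmp_block` parameter appears to have the same shape, though its declaration starts above the hunk.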
2 changes: 2 additions & 0 deletions spec/unit/puppet/provider/firewalld_rich_rule_spec.rb
@@ -33,6 +33,7 @@
resource.expects(:[]).with(:port).returns(nil)
resource.expects(:[]).with(:protocol).returns(nil)
resource.expects(:[]).with(:icmp_block).returns(nil)
resource.expects(:[]).with(:icmp_type).returns(nil)
resource.expects(:[]).with(:masquerade).returns(nil)
resource.expects(:[]).with(:forward_port).returns(nil)
resource.expects(:[]).with(:log).returns(nil)
@@ -51,6 +52,7 @@
resource.expects(:[]).with(:port).returns(nil)
resource.expects(:[]).with(:protocol).returns(nil)
resource.expects(:[]).with(:icmp_block).returns(nil)
resource.expects(:[]).with(:icmp_type).returns(nil)
resource.expects(:[]).with(:masquerade).returns(nil)
resource.expects(:[]).with(:forward_port).returns(nil)
resource.expects(:[]).with(:log).returns(nil)
15 changes: 14 additions & 1 deletion spec/unit/puppet/type/firewalld_rich_rule_spec.rb
@@ -14,6 +14,7 @@
:action,
:protocol,
:icmp_block,
:icmp_type,
:masquerade,
:forward_port,
:log,
@@ -171,7 +172,19 @@
forward_port: { 'port' => '8080', 'protocol' => 'tcp', 'to_addr' => '10.72.1.10', 'to_port' => '80' },
zone: 'restricted',
log: { 'level' => 'debug' }
} => 'rule family="ipv4" forward-port port="8080" protocol="tcp" to-port="80" to-addr="10.72.1.10" log level="debug"'
} => 'rule family="ipv4" forward-port port="8080" protocol="tcp" to-port="80" to-addr="10.72.1.10" log level="debug"',

## test icmp-type
{
name: 'accept echo',
ensure: 'present',
family: 'ipv4',
zone: 'restricted',
dest: '10.0.1.2/24',
icmp_type: 'echo',
log: { 'level' => 'debug' },
action: 'accept'
} => 'rule family="ipv4" destination address="10.0.1.2/24" icmp-type name="echo" log level="debug" accept'

}

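Review bot: The new icmp-type case uses `icmp_type: 'echo'`, which as far as I know is not one of the names firewalld ships (the stock types are `echo-request` and `echo-reply`, listed by `firewall-cmd --get-icmptypes`), so the example documents a value a real host would probably reject. Using `icmp_type: 'echo-request'` with `icmp-type name="echo-request"` in the expected string keeps the test aligned with what users will write. The case also covers only the rendering of a benign value; one case that sets both `icmp_block` and `icmp_type`, and one with a double quote in the value, would pin how the type and provider treat input that should never reach firewall-cmd. The hash literal these entries belong to opens above the hunk.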
