Specifying a destination CIDR is already supported by
puppetlabs-firewall; we just need to pass the parameter through in
rule.pp in puppet-tripleo.
This will allow creating iptables rules that forward network traffic for
a given cidr via puppet-tripleo.
Change-Id: I23582a55cd97248be52f45e14de7e813ff499ff7
# (optional) The chain associated to the rule.
# Defaults to 'INPUT'
#
-# [*extras*]
+# [*destination*]
+# (optional) The destination cidr associated to the rule.
+# Defaults to undef
+#
+# [*extras*]
# (optional) Hash of any puppetlabs-firewall supported parameters.
# Defaults to {}
#
define tripleo::firewall::rule (
- $port = undef,
- $proto = 'tcp',
- $action = 'accept',
- $state = ['NEW'],
- $source = '0.0.0.0/0',
- $iniface = undef,
- $chain = 'INPUT',
- $extras = {},
+ $port = undef,
+ $proto = 'tcp',
+ $action = 'accept',
+ $state = ['NEW'],
+ $source = '0.0.0.0/0',
+ $iniface = undef,
+ $chain = 'INPUT',
+ $destination = undef,
+ $extras = {},
) {
$basic = {
- 'port' => $port,
- 'proto' => $proto,
- 'action' => $action,
- 'state' => $state,
- 'source' => $source,
- 'iniface' => $iniface,
- 'chain' => $chain,
+ 'port' => $port,
+ 'proto' => $proto,
+ 'action' => $action,
+ 'state' => $state,
+ 'source' => $source,
+ 'iniface' => $iniface,
+ 'chain' => $chain,
+ 'destination' => $destination,
}
$rule = merge($basic, $extras)
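Review bot: The new `[*destination*]` comment at the top of this hunk does not say how the parameter combines with the defaults kept in the signature. `source` still defaults to `'0.0.0.0/0'`, `action` to `'accept'`, `proto` to `'tcp'` and `port` to undef, so as far as these lines show, a rule that sets only `chain => 'FORWARD'` and `destination` accepts new TCP connections from any source to every port in that range. I would extend the comment with something like `# With the defaults this accepts traffic from any source on any port; set source and port to narrow the rule.` `$destination` is also placed into `$basic` without any type or format check. Whether the merged hash is validated later is not visible, because the body of the define continues past the hunk.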
:manage_firewall => true,
:firewall_rules => {
'300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
- '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'}
+ '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
+ '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}
}
)
end
:action => 'accept',
:state => ['NEW'],
)
+ is_expected.to contain_firewall('302 fwd custom cidr 1').with(
+ :chain => 'FORWARD',
+ :destination => '192.0.2.0/24',
+ )
end
end
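Review bot: The added expectation for `'302 fwd custom cidr 1'` checks only `:chain` and `:destination`, so the defaulted fields that make this forward rule broad are not pinned by the spec. Assuming the merged hash reaches the firewall resource unchanged, as the neighbouring expectation on `:action` and `:state` suggests, I would add `:proto => 'tcp',`, `:action => 'accept',` and `:source => '0.0.0.0/0',` to the `.with(...)` call. That makes the effective rule visible to reviewers and fails the spec if a later change alters the defaults applied to FORWARD rules. The enclosing example block starts outside the hunk.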