From a005e3e052a4e41397e7060ad3bc8f45860e5336 Mon Sep 17 00:00:00 2001
From: James Slagle
Date: Wed, 20 Apr 2016 09:03:03 -0400
Subject: Add destination parameter to firewall rule
Specifying a destination cidr is already supported by puppetlabs-firewall, we just need to pass through the parameter in rule.pp in puppet-tripleo. This will allow creating iptables rules that forward network traffic for a given cidr via puppet-tripleo.
Change-Id: I23582a55cd97248be52f45e14de7e813ff499ff7
---
 manifests/firewall/rule.pp | 38 ++++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 16 deletions(-)
(limited to 'manifests/firewall')
diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
index 02afbc2..ca9c6d0 100644
--- a/manifests/firewall/rule.pp
+++ b/manifests/firewall/rule.pp
@@ -47,29 +47,35 @@
 # (optional) The chain associated to the rule.
 # Defaults to 'INPUT'
 #
-# [*extras*]
+# [*destination*]
+# (optional) The destination cidr associated to the rule.
+# Defaults to undef
+#
+# [*extras*]
 # (optional) Hash of any puppetlabs-firewall supported parameters.
 # Defaults to {}
 #
 define tripleo::firewall::rule (
- $port = undef,
- $proto = 'tcp',
- $action = 'accept',
- $state = ['NEW'],
- $source = '0.0.0.0/0',
- $iniface = undef,
- $chain = 'INPUT',
- $extras = {},
+ $port = undef,
+ $proto = 'tcp',
+ $action = 'accept',
+ $state = ['NEW'],
+ $source = '0.0.0.0/0',
+ $iniface = undef,
+ $chain = 'INPUT',
+ $destination = undef,
+ $extras = {},
 ) {
 $basic = {
- 'port' => $port,
- 'proto' => $proto,
- 'action' => $action,
- 'state' => $state,
- 'source' => $source,
- 'iniface' => $iniface,
- 'chain' => $chain,
+ 'port' => $port,
+ 'proto' => $proto,
+ 'action' => $action,
+ 'state' => $state,
+ 'source' => $source,
+ 'iniface' => $iniface,
+ 'chain' => $chain,
+ 'destination' => $destination,
 }
 $rule = merge($basic, $extras)
--
cgit 1.2.3-korg
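Review bot: The new `[*destination*]` doc block near the top of the hunk does not say what the `undef` default means for the generated rule, which matters to anyone auditing the rule set because the other defaults are `$source = '0.0.0.0/0'` and `$action = 'accept'`. I would extend it to `# (optional) The destination cidr associated to the rule.` / `# Defaults to undef, which adds no destination match (any destination).`, assuming that is how the downstream firewall resource treats an unset value. Since the commit message describes forwarding rules while `$chain` still defaults to `'INPUT'`, the comment could also note that such rules need `chain => 'FORWARD'` passed explicitly. The value goes into `$basic` unchecked, and `merge($basic, $extras)` presumably lets a `destination` key in `$extras` override it, so the precedence is worth stating as well. The define's body continues past the hunk, so any validation there is not visible.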