From 688a79c6c68422c0f873074370b1bbc87c6d1007 Mon Sep 17 00:00:00 2001
From: Brent Eagles <beagles@redhat.com>
Date: Wed, 23 Nov 2016 18:59:58 -0330
Subject: Do not configure state matching when using GRE

The firewall rule quite reasonably sets up a default state matching rule
but this is invalid for GRE. This patch conditionally adds the state
matching if the protocol is not GRE.

Closes-Bug: #1644360
Change-Id: Ie4ca41d0f36e79ba6822c358e21b827105736dd7
---
 spec/classes/tripleo_firewall_spec.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'spec')

diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb
index 1270aa7..3116a51 100644
--- a/spec/classes/tripleo_firewall_spec.rb
+++ b/spec/classes/tripleo_firewall_spec.rb
@@ -76,7 +76,8 @@ describe 'tripleo::firewall' do
             '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
             '302 fwd custom cidr 1'        => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
             '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
-            '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}
+            '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'},
+            '305 add gre rule'             => {'proto' => 'gre'}
           }
         )
       end
@@ -109,6 +110,7 @@ describe 'tripleo::firewall' do
           :action => 'accept',
           :state  => ['NEW'],
         )
+        is_expected.to contain_firewall('305 add gre rule').without(:state)
       end
     end
 
-- 
cgit 1.2.3-korg