From 688a79c6c68422c0f873074370b1bbc87c6d1007 Mon Sep 17 00:00:00 2001 From: Brent Eagles Date: Wed, 23 Nov 2016 18:59:58 -0330 Subject: Do not configure state matching when using GRE The firewall rule quite reasonably sets up a default state matching rule but this is invalid for GRE. This patch conditionally adds the state matching if the protocol is not GRE. Closes-Bug: #1644360 Change-Id: Ie4ca41d0f36e79ba6822c358e21b827105736dd7 --- spec/classes/tripleo_firewall_spec.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'spec') diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb index 1270aa7..3116a51 100644 --- a/spec/classes/tripleo_firewall_spec.rb +++ b/spec/classes/tripleo_firewall_spec.rb @@ -76,7 +76,8 @@ describe 'tripleo::firewall' do '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'}, '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}, '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'}, - '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'} + '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}, + '305 add gre rule' => {'proto' => 'gre'} } ) end @@ -109,6 +110,7 @@ describe 'tripleo::firewall' do :action => 'accept', :state => ['NEW'], ) + is_expected.to contain_firewall('305 add gre rule').without(:state) end end -- cgit 1.2.3-korg