1 diff -ru x/lib/puppet/provider/firewall/iptables.rb y/lib/puppet/provider/firewall/iptables.rb
2 --- x/lib/puppet/provider/firewall/iptables.rb 2020-04-13 14:18:35.001844743 +0800
3 +++ y/lib/puppet/provider/firewall/iptables.rb 2020-04-13 14:44:03.565886399 +0800
5 mark_flag = '--set-xmark'
8 + kernelversion = Facter.value('kernelversion')
9 + if (kernelversion && Puppet::Util::Package.versioncmp(kernelversion, '3.13') >= 0) &&
10 + (iptables_version && Puppet::Util::Package.versioncmp(iptables_version, '1.6.2') >= 0)
11 + has_feature :random_fully
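Review bot: The version gate in front of `has_feature :random_fully` carries no comment explaining the two thresholds or what happens when a version is unknown. As written, a nil `kernelversion` fact or a nil `iptables_version` leaves the feature off without any message. I would put a comment above the condition, for example `# --random-fully needs kernel >= 3.13 and iptables >= 1.6.2; if either version is unknown the feature stays off`. `iptables_version` is assigned outside this hunk and the closing `end` of the `if` is not visible here, so both should be checked against the full file.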
19 :queue_num => "--queue-num",
20 :queue_bypass => "--queue-bypass",
21 + :random_fully => "--random-fully",
22 :random => "--random",
26 :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :string, :string_algo,
27 :string_from, :string_to, :jump, :goto, :clusterip_new, :clusterip_hashmode,
28 :clusterip_clustermac, :clusterip_total_nodes, :clusterip_local_node, :clusterip_hash_init, :queue_num, :queue_bypass,
29 - :clamp_mss_to_pmtu, :gateway, :set_mss, :set_dscp, :set_dscp_class, :todest, :tosource, :toports, :to, :checksum_fill, :random, :log_prefix,
30 + :clamp_mss_to_pmtu, :gateway, :set_mss, :set_dscp, :set_dscp_class, :todest, :tosource, :toports, :to, :checksum_fill, :random_fully, :random, :log_prefix,
31 :log_level, :log_uid, :reject, :set_mark, :match_mark, :mss, :connlimit_above, :connlimit_mask, :connmark, :time_start, :time_stop,
32 :month_days, :week_days, :date_start, :date_stop, :time_contiguous, :kernel_timezone
35 # only replace those -f that are not followed by an l to
36 # distinguish between -f and the '-f' inside of --tcp-flags.
37 values = values.sub(/\s-f(?!l)(?=.*--comment)/, ' -f true')
38 + elsif bool == :random
39 + values = values.sub(%r{#{resource_map[bool]}(\s|$)(?!"!")}, "#{resource_map[bool]} true")
41 values = values.sub(/#{resource_map[bool]}/, "#{resource_map[bool]} true")
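Review bot: In the new `:random` branch the `(\s|$)` group consumes the separator after `--random`, and the replacement `"#{resource_map[bool]} true"` does not put it back. A saved rule with another option after `--random` would be rewritten as `--random true--next-option` (constructed example) and could then be parsed wrongly. Restoring the capture keeps the boundary: `values = values.sub(%r{#{resource_map[bool]}(\s|$)(?!"!")}, "#{resource_map[bool]} true\\1")`. The branch appears to exist so that `--random` is not matched as the prefix of `--random-fully`, and a one-line comment saying so would help, e.g. `# match --random only as a whole flag, not as the prefix of --random-fully`. `:random_fully` falls through to the generic substitution below, which only runs if it is in the boolean list that `bool` iterates over; that list is not visible in this diff, so please confirm it was extended.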
43 diff -ru x/lib/puppet/type/firewall.rb y/lib/puppet/type/firewall.rb
44 --- x/lib/puppet/type/firewall.rb 2020-04-13 14:18:35.001844743 +0800
45 +++ y/lib/puppet/type/firewall.rb 2020-04-13 14:44:03.565886399 +0800
47 feature :string_matching, "String matching features"
48 feature :queue_num, "Which NFQUEUE to send packets to"
49 feature :queue_bypass, "If nothing is listening on queue_num, allow packets to bypass the queue"
50 + feature :random_fully, 'The ability to use --random-fully flag'
52 # provider specific features
53 feature :iptables, "The provider provides iptables features."
58 + newproperty(:random_fully, required_features: :random_fully) do
60 + When using a jump value of "MASQUERADE", "DNAT", "REDIRECT", or "SNAT"
61 + this boolean will enable fully randomized port mapping.
63 + **NOTE** Requires Kernel >= 3.13 and iptables >= 1.6.2
66 + newvalues(:true, :false)
69 newproperty(:random, :required_features => :dnat) do
71 When using a jump value of "MASQUERADE", "DNAT", "REDIRECT", or "SNAT"
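Review bot: The `random_fully` description does not say what happens on a host that lacks the feature. With `required_features: :random_fully`, Puppet is expected to leave the property unmanaged rather than fail, so a NAT rule meant to use fully randomized port mapping would be applied without `--random-fully` and without an error. I would add a sentence to the desc such as `On hosts that do not meet these versions the property is not managed and the rule is applied without --random-fully.` The new declaration also writes `required_features: :random_fully` while the neighbouring `random` property uses `:required_features => :dnat`; matching the existing hash-rocket style keeps the two declarations parallel. Parts of the property body are missing from this listing, so these points rest only on the lines shown.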