+++ /dev/null
-diff -ru x/lib/puppet/provider/firewall/iptables.rb y/lib/puppet/provider/firewall/iptables.rb
---- x/lib/puppet/provider/firewall/iptables.rb 2020-04-13 14:18:35.001844743 +0800
-+++ y/lib/puppet/provider/firewall/iptables.rb 2020-04-13 14:44:03.565886399 +0800
-@@ -54,6 +54,12 @@
- mark_flag = '--set-xmark'
- end
-
-+ kernelversion = Facter.value('kernelversion')
-+ if (kernelversion && Puppet::Util::Package.versioncmp(kernelversion, '3.13') >= 0) &&
-+ (iptables_version && Puppet::Util::Package.versioncmp(iptables_version, '1.6.2') >= 0)
-+ has_feature :random_fully
-+ end
-+
- @protocol = "IPv4"
-
- @resource_map = {
-@@ -94,6 +100,7 @@
- :proto => "-p",
- :queue_num => "--queue-num",
- :queue_bypass => "--queue-bypass",
-+ :random_fully => "--random-fully",
- :random => "--random",
- :rdest => "--rdest",
- :reap => "--reap",
-@@ -271,7 +278,7 @@
- :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :string, :string_algo,
- :string_from, :string_to, :jump, :goto, :clusterip_new, :clusterip_hashmode,
- :clusterip_clustermac, :clusterip_total_nodes, :clusterip_local_node, :clusterip_hash_init, :queue_num, :queue_bypass,
-- :clamp_mss_to_pmtu, :gateway, :set_mss, :set_dscp, :set_dscp_class, :todest, :tosource, :toports, :to, :checksum_fill, :random, :log_prefix,
-+ :clamp_mss_to_pmtu, :gateway, :set_mss, :set_dscp, :set_dscp_class, :todest, :tosource, :toports, :to, :checksum_fill, :random_fully, :random, :log_prefix,
- :log_level, :log_uid, :reject, :set_mark, :match_mark, :mss, :connlimit_above, :connlimit_mask, :connmark, :time_start, :time_stop,
- :month_days, :week_days, :date_start, :date_stop, :time_contiguous, :kernel_timezone
- ]
-@@ -399,6 +406,8 @@
- # only replace those -f that are not followed by an l to
- # distinguish between -f and the '-f' inside of --tcp-flags.
- values = values.sub(/\s-f(?!l)(?=.*--comment)/, ' -f true')
-+ elsif bool == :random
-+ values = values.sub(%r{#{resource_map[bool]}(\s|$)(?!"!")}, "#{resource_map[bool]} true")
- else
- values = values.sub(/#{resource_map[bool]}/, "#{resource_map[bool]} true")
- end
-diff -ru x/lib/puppet/type/firewall.rb y/lib/puppet/type/firewall.rb
---- x/lib/puppet/type/firewall.rb 2020-04-13 14:18:35.001844743 +0800
-+++ y/lib/puppet/type/firewall.rb 2020-04-13 14:44:03.565886399 +0800
-@@ -63,6 +63,7 @@
- feature :string_matching, "String matching features"
- feature :queue_num, "Which NFQUEUE to send packets to"
- feature :queue_bypass, "If nothing is listening on queue_num, allow packets to bypass the queue"
-+ feature :random_fully, 'The ability to use --random-fully flag'
-
- # provider specific features
- feature :iptables, "The provider provides iptables features."
-@@ -564,6 +565,17 @@
- EOS
- end
-
-+ newproperty(:random_fully, required_features: :random_fully) do
-+ desc <<-EOS
-+ When using a jump value of "MASQUERADE", "DNAT", "REDIRECT", or "SNAT"
-+ this boolean will enable fully randomized port mapping.
-+
-+ **NOTE** Requires Kernel >= 3.13 and iptables >= 1.6.2
-+ EOS
-+
-+ newvalues(:true, :false)
-+ end
-+
- newproperty(:random, :required_features => :dnat) do
- desc <<-EOS
- When using a jump value of "MASQUERADE", "DNAT", "REDIRECT", or "SNAT"