X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=meta-starlingx%2Fmeta-stx-cloud%2Frecipes-support%2Fpuppet%2Ffiles%2Fpuppetlabs-firewall%2Fpuppet-firewall-random-fully-support.patch;fp=meta-starlingx%2Fmeta-stx-cloud%2Frecipes-support%2Fpuppet%2Ffiles%2Fpuppetlabs-firewall%2Fpuppet-firewall-random-fully-support.patch;h=0000000000000000000000000000000000000000;hb=48f4dcb359cde8be05e616cc6cbfc04a63b684be;hp=136bdd9a00497712b65f547367e5651feb679f45;hpb=683e49cccaff86dce0ecb80882cdf9b4fdec1e1b;p=pti%2Frtp.git
diff --git a/meta-starlingx/meta-stx-cloud/recipes-support/puppet/files/puppetlabs-firewall/puppet-firewall-random-fully-support.patch b/meta-starlingx/meta-stx-cloud/recipes-support/puppet/files/puppetlabs-firewall/puppet-firewall-random-fully-support.patch
deleted file mode 100644
index 136bdd9..0000000
--- a/meta-starlingx/meta-stx-cloud/recipes-support/puppet/files/puppetlabs-firewall/puppet-firewall-random-fully-support.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-diff -ru x/lib/puppet/provider/firewall/iptables.rb y/lib/puppet/provider/firewall/iptables.rb
---- x/lib/puppet/provider/firewall/iptables.rb 2020-04-13 14:18:35.001844743 +0800
-+++ y/lib/puppet/provider/firewall/iptables.rb 2020-04-13 14:44:03.565886399 +0800
-@@ -54,6 +54,12 @@
- mark_flag = '--set-xmark'
- end
-
-+ kernelversion = Facter.value('kernelversion')
-+ if (kernelversion && Puppet::Util::Package.versioncmp(kernelversion, '3.13') >= 0) &&
-+ (iptables_version && Puppet::Util::Package.versioncmp(iptables_version, '1.6.2') >= 0)
-+ has_feature :random_fully
-+ end
-+
- @protocol = "IPv4"
-
- @resource_map = {
-@@ -94,6 +100,7 @@
- :proto => "-p",
- :queue_num => "--queue-num",
- :queue_bypass => "--queue-bypass",
-+ :random_fully => "--random-fully",
- :random => "--random",
- :rdest => "--rdest",
- :reap => "--reap",
-@@ -271,7 +278,7 @@
- :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :string, :string_algo,
- :string_from, :string_to, :jump, :goto, :clusterip_new, :clusterip_hashmode,
- :clusterip_clustermac, :clusterip_total_nodes, :clusterip_local_node, :clusterip_hash_init, :queue_num, :queue_bypass,
-- :clamp_mss_to_pmtu, :gateway, :set_mss, :set_dscp, :set_dscp_class, :todest, :tosource, :toports, :to, :checksum_fill, :random, :log_prefix,
-+ :clamp_mss_to_pmtu, :gateway, :set_mss, :set_dscp, :set_dscp_class, :todest, :tosource, :toports, :to, :checksum_fill, :random_fully, :random, :log_prefix,
- :log_level, :log_uid, :reject, :set_mark, :match_mark, :mss, :connlimit_above, :connlimit_mask, :connmark, :time_start, :time_stop,
- :month_days, :week_days, :date_start, :date_stop, :time_contiguous, :kernel_timezone
- ]
-@@ -399,6 +406,8 @@
- # only replace those -f that are not followed by an l to
- # distinguish between -f and the '-f' inside of --tcp-flags.
- values = values.sub(/\s-f(?!l)(?=.*--comment)/, ' -f true')
-+ elsif bool == :random
-+ values = values.sub(%r{#{resource_map[bool]}(\s|$)(?!"!")}, "#{resource_map[bool]} true")
- else
- values = values.sub(/#{resource_map[bool]}/, "#{resource_map[bool]} true")
- end
-diff -ru x/lib/puppet/type/firewall.rb y/lib/puppet/type/firewall.rb
---- x/lib/puppet/type/firewall.rb 2020-04-13 14:18:35.001844743 +0800
-+++ y/lib/puppet/type/firewall.rb 2020-04-13 14:44:03.565886399 +0800
-@@ -63,6 +63,7 @@
- feature :string_matching, "String matching features"
- feature :queue_num, "Which NFQUEUE to send packets to"
- feature :queue_bypass, "If nothing is listening on queue_num, allow packets to bypass the queue"
-+ feature :random_fully, 'The ability to use --random-fully flag'
-
- # provider specific features
- feature :iptables, "The provider provides iptables features."
-@@ -564,6 +565,17 @@
- EOS
- end
-
-+ newproperty(:random_fully, required_features: :random_fully) do
-+ desc <<-EOS
-+ When using a jump value of "MASQUERADE", "DNAT", "REDIRECT", or "SNAT"
-+ this boolean will enable fully randomized port mapping.
-+
-+ **NOTE** Requires Kernel >= 3.13 and iptables >= 1.6.2
-+ EOS
-+
-+ newvalues(:true, :false)
-+ end
-+
- newproperty(:random, :required_features => :dnat) do
- desc <<-EOS
- When using a jump value of "MASQUERADE", "DNAT", "REDIRECT", or "SNAT"