Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/master/add support for iprange #219

Merged
merged 4 commits into from
Jul 9, 2013
Merged

Feature/master/add support for iprange #219

merged 4 commits into from
Jul 9, 2013

Conversation

hunner
Copy link
Contributor

@hunner hunner commented Jul 9, 2013

Closes #215
Closes #216

lei and others added 3 commits July 5, 2013 14:27
(puppetlabs#215) Add support for IP range
f8e7a17 
Add support for filtering by source and destination IP range, equivalent to '-m iprange --src-range|--dst-range',
which is only allowing a specified IP range. Excluding an IP range, '! --src-range or ! --dst-range', is not supported.

Add ':src_range' and ':dst_range' to firewall.rb
@hurulu
(puppetlabs#215) Add support for IP range
6c6ff4e 
Add support for filtering by source and destination IP range, equivalent to '-m iprange --src-range|--dst-range',
which is only allowing a specified IP range. Excluding an IP range, '! --src-range or ! --dst-range', is not supported.

Add ':src_range' and ':dst_range' to iptables.rb
@hunner
Add specs for dst_range and src_range params
7cf280e
@kbarber-jenkins-bot
Copy link

Merged build triggered. (Status: PENDING, Details: null)

@kbarber-jenkins-bot
Copy link

Merged build started. (Status: PENDING, Details: http://box.bob.sh:8080/job/puppetlabs-firewall/318/)

@kbarber-jenkins-bot
Copy link

Merged build finished. (Status: FAILURE, Details: http://box.bob.sh:8080/job/puppetlabs-firewall/318/)

@hunner
Copy link
Contributor Author

hunner commented Jul 9, 2013

@hurulu Looks like this isn't passing on centos 5.9 http://box.bob.sh:8080/job/puppetlabs-firewall/318/RSPEC_SET=centos-59-x64/consoleFull

@hurulu
Copy link
Contributor

hurulu commented Jul 9, 2013

Hi hunner, Thank you for your feedback. I've had a quick look at this.

It seems like iptables 1.3.5 doesn't support this format:
'-m iprange --src-range 10.0.0.1-10.0.0.2 -m iprange --dst-range 10.0.0.2-10.0.0.3' with two '-m iprange ' written separately, while the newer version (1.4.x) does. Although I didn't go through every version of iptables to find the exact >=version that support this new feature, I am 95% sure that it is due to some incapability of parameters format between iptables' versions.

If this is the case, any advice?

@hurulu
Copy link
Contributor

hurulu commented Jul 9, 2013

@hunner , Hi, I've just gone through iptables 1.3.4 - 1.4.0. It turns out that >=1.3.6 will work well. Unfortunately, version 1.3.5, which is the default on CentOS5.9, does not support multiple '-m iprange' format. And all the versions<1.3.5 will fail to pass the test.

@kbarber-jenkins-bot
Copy link

Merged build triggered. (Status: PENDING, Details: null)

@kbarber-jenkins-bot
Copy link

Merged build started. (Status: PENDING, Details: http://box.bob.sh:8080/job/puppetlabs-firewall/322/)

@hunner
Copy link
Contributor Author

hunner commented Jul 9, 2013

I played around in centos 5.9 and patching the parser to know to only include -m iprange a single time seemed like a less-than-useful improvement, so I split the tests into two separate rules, since that is a more real-world use case anyway.

@kbarber-jenkins-bot
Copy link

Merged build finished. (Status: SUCCESS, Details: http://box.bob.sh:8080/job/puppetlabs-firewall/322/)

hunner added a commit that referenced this pull request Jul 9, 2013
@hunner
Merge pull request #219 from hunner/feature/master/add-support-for-ip…
8d14c7a 
…range

Feature/master/add support for iprange
@hunner hunner merged commit 8d14c7a into puppetlabs:master Jul 9, 2013
@hurulu
Copy link
Contributor

hurulu commented Jul 10, 2013

Thank you, hunner

cegeka-jenkins pushed a commit to cegeka/puppet-firewall that referenced this pull request Oct 23, 2017
@hunner
Merge pull request puppetlabs#219 from hunner/feature/master/add-supp…
5b3f25d 
…ort-for-iprange

Feature/master/add support for iprange
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hunner @kbarber-jenkins-bot @hurulu @david22swan