From a566f7aa6a579b1882b6c6d25ed507f2776cf497 Mon Sep 17 00:00:00 2001 From: Patrick Hemmer Date: Wed, 18 Dec 2013 12:49:27 -0500 Subject: [PATCH 1/2] allow input chain in nat table --- lib/puppet/type/firewallchain.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/puppet/type/firewallchain.rb b/lib/puppet/type/firewallchain.rb index 2ed1e5b1e..75ffa4e73 100644 --- a/lib/puppet/type/firewallchain.rb +++ b/lib/puppet/type/firewallchain.rb @@ -56,8 +56,8 @@ raise ArgumentError, "PREROUTING, POSTROUTING, INPUT, FORWARD and OUTPUT are the only inbuilt chains that can be used in table 'mangle'" end when 'nat' - if chain =~ /^(BROUTING|INPUT|FORWARD)$/ - raise ArgumentError, "PREROUTING, POSTROUTING and OUTPUT are the only inbuilt chains that can be used in table 'nat'" + if chain =~ /^(BROUTING|FORWARD)$/ + raise ArgumentError, "PREROUTING, POSTROUTING, INPUT, and OUTPUT are the only inbuilt chains that can be used in table 'nat'" end if protocol =~/^(IP(v6)?)?$/ raise ArgumentError, "table nat isn't valid in IPv6. You must specify ':IPv4' as the name suffix" From 370230a0657d8b8c73b098471a18bc86f62fed0a Mon Sep 17 00:00:00 2001 From: Patrick Hemmer Date: Fri, 20 Dec 2013 15:20:11 -0500 Subject: [PATCH 2/2] update specs to allow INPUT:nat:IPv4 --- spec/unit/puppet/type/firewallchain_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/unit/puppet/type/firewallchain_spec.rb b/spec/unit/puppet/type/firewallchain_spec.rb index 6632d4fcd..e3efda095 100755 --- a/spec/unit/puppet/type/firewallchain_spec.rb +++ b/spec/unit/puppet/type/firewallchain_spec.rb @@ -26,7 +26,7 @@ end describe ':name' do - {'nat' => ['PREROUTING', 'POSTROUTING', 'OUTPUT'], + {'nat' => ['PREROUTING', 'POSTROUTING', 'INPUT', 'OUTPUT'], 'mangle' => [ 'PREROUTING', 'POSTROUTING', 'INPUT', 'FORWARD', 'OUTPUT' ], 'filter' => ['INPUT','OUTPUT','FORWARD'], 'raw' => [ 'PREROUTING', 'OUTPUT'],