Permalink
Commits on Jul 27, 2012
  1. @kbarber

    Merge pull request #91 from saysjonathan/rspec_new_api

    rspec 2.11 compatibility
    kbarber committed Jul 27, 2012
  2. @saysjonathan

    rspec 2.11 compatibility

    saysjonathan committed Jul 27, 2012
Commits on Jul 25, 2012
  1. @dcarley

    Merge pull request #89 from kbarber/ticket/master/10322-error_with_sa…

    …me_chain_diff_table
    
    (#10322) Insert order hash included chains from different tables
    dcarley committed Jul 25, 2012
Commits on Jul 24, 2012
  1. @kbarber

    (#10322) Insert order hash included chains from different tables

    This fix corrects the insert_order handling to make sure that not only are
    rules from the same chain evaulated, but we also check that the table
    matches as well.
    kbarber committed Jul 24, 2012
Commits on Jul 17, 2012
  1. @kbarber

    Merge pull request #87 from dcarley/15556-icmp6_codes

    (#15556) Support for ICMP6 type code resolutions
    kbarber committed Jul 17, 2012
  2. @dcarley

    (#15556) Support for ICMP6 type code resolutions

    Add support for IPv6 ICMP code types as strings, which differ in mapping
    from IPv4. A subset of the currently supported strings for IPv4 are
    supported where applicable to the IPv6 specification.
    
    Currently the only way of determining the protocol family is by whether the
    provider is :iptables or :ip6tables. This can be changed within the type in
    the future.
    dcarley committed Jul 6, 2012
Commits on Jun 28, 2012
  1. @kbarber

    Merge pull request #86 from Whopper92/readme_best_practices

    Update formatting of README to meet Puppet Labs best practices
    kbarber committed Jun 28, 2012
  2. @whopper
Commits on Jun 21, 2012
  1. @kbarber

    Merge branch 'ticket/master/14755-stub_iptables_facts_for_set_mark_te…

    …sts'
    
    * ticket/master/14755-stub_iptables_facts_for_set_mark_tests:
      (#14755) Stub iptables facts for set_mark tests
    kbarber committed Jun 21, 2012
  2. @dcarley @kbarber

    (#14755) Stub iptables facts for set_mark tests

    Tests both paths of new set_mark code for IPtables 1.3.2 and 1.4.2
    
    Also allows these tests to run independently of the version of IPtables on
    the host machine, if any at all.
    dcarley committed with kbarber Jun 12, 2012
Commits on Jun 20, 2012
  1. @kbarber

    Merge branch 'fix_mark'

    * fix_mark:
      (#14755) Stub iptables_version for now so tests run on non-Linux hosts
      (#14755) Fix mark to not repeat rules with iptables 1.4.1+.
    kbarber committed Jun 20, 2012
  2. @kbarber

    (#14755) Stub iptables_version for now so tests run on non-Linux hosts

    Without a stub some tests fail on non-Linux hosts. This is because they are
    expecting a particular version of iptables to exist which isn't always true.
    
    The right answer for the provider is to actually allow the fact to be set
    per test, but for now we are doing a global override just to make tests pass.
    kbarber committed Jun 20, 2012
  3. @kbarber

    (#14755) Fix mark to not repeat rules with iptables 1.4.1+.

    Sharif Nassar committed with kbarber May 30, 2012
  4. @kbarber

    Merge branch 'ticket/master/14949'

    * ticket/master/14949:
      (#14949) Added pkttype property
    kbarber committed Jun 20, 2012
  5. @kbarber

    (#14949) Added pkttype property

    This adds the pkttype property so we can match multicast and broadcast packets.
    Ashley Penney committed with kbarber May 21, 2012
Commits on Jun 14, 2012
  1. @kbarber

    Merge pull request #85 from jasonhancock/ticket/15038-add_gre_protocol

    (#15038) add gre protocol to list of acceptable protocols
    kbarber committed Jun 14, 2012
  2. @jasonhancock
Commits on Jun 10, 2012
  1. @kbarber

    Merge branch 'ticket/master/supported_versions'

    * ticket/master/supported_versions:
      (maint) be clearer about what distributions we support
    kbarber committed Jun 10, 2012
  2. @kbarber
  3. @kbarber

    Merge branch '9364-normalise_addresses_to_cidr'

    * 9364-normalise_addresses_to_cidr:
      (#9364 #10085) Normalise iptables-save to CIDR
      (#9364 #10085) Convert an existing test to CIDR
    kbarber committed Jun 10, 2012
  4. @dcarley @kbarber

    (#9364 #10085) Normalise iptables-save to CIDR

    Normalise all source and destination addresses to CIDR notation as they are
    reverse-parsed from iptables-save. This ensures that they match how
    addresses are forward-parsed by the type with Util::Firewall.host_to_ip.
    
    Fixes two issues which both principally affect EL5 and may affect other
    providers in the future.
    
    Issue #9364:
        Single IP addresses not representing a range should be qualified in CIDR
        notation with /32 for IPv4 and /128 for IPv6.
    
    Issue #10085:
        Addresses with a dotted quad netmask representing a range should be
        qualifed with in CIDR notation instead.
    dcarley committed with kbarber May 24, 2012
  5. @dcarley @kbarber

    (#9364 #10085) Convert an existing test to CIDR

    Modify an existing test which has a source IP address without CIDR notation.
    This will break after normalisation because [:params][:source] is expected
    to be CIDR. Updating -s within [:line] too, since we aren't explcitly testing
    that behaviour with this fixture.
    dcarley committed with kbarber May 24, 2012
  6. @kbarber

    Merge branch 'ticket/master/14938-travis_matrices'

    * ticket/master/14938-travis_matrices:
      (#14938) Add more test variations for travis testing
    kbarber committed Jun 10, 2012
  7. @kbarber

    (#14938) Add more test variations for travis testing

    Include different variations of Puppet to be tested, and fix any pending issues
    so all tests pass.
    kbarber committed Jun 10, 2012
Commits on Jun 9, 2012
  1. @kbarber

    Merge branch 'travis_ci'

    * travis_ci:
      (maint) Enable travis-ci support.
    kbarber committed Jun 9, 2012
  2. @kbarber
  3. @kbarber

    Merge branch '13560'

    * 13560:
      (#13560) OUTPUT is a valid chain for the mangle table
    kbarber committed Jun 9, 2012
  4. @adamgibbins @kbarber
  5. @kbarber

    Merge branch 'ticket/10025-TCP-flags-matching-support'

    * ticket/10025-TCP-flags-matching-support:
      (#10025) Make tcp_flags support a feature.
      (#10025) Add support for --tcp-flags
    kbarber committed Jun 9, 2012
  6. @kbarber
  7. @kbarber

    (#10025) Add support for --tcp-flags

    Thomas Vander Stichele committed with kbarber Mar 4, 2012
  8. @kbarber

    Merge pull request #60 from dcarley/10164-icmp_any

    (#10164) Reject and document icmp => "any"
    kbarber committed Jun 9, 2012
Commits on Jun 6, 2012
  1. @kbarber

    Merge pull request #79 from mediatemple/limitfix

    (#14641) Fix for incorrect limit command arguments for ip6tables provider
    kbarber committed Jun 6, 2012
Commits on May 28, 2012
  1. @kbarber

    Merge pull request #80 from dcarley/10274-zero_prefixlen_addresses

    (#10274) Nullify addresses with zero prefixlen
    kbarber committed May 28, 2012
  2. @dcarley

    (#10274) Nullify addresses with zero prefixlen

    Modify the behaviour of Util::Firewall.host_to_ip, as used by the type to
    parse source and destination addresses, to return nil if the resulting CIDR
    represented address has a prefix length of zero. Includes type and provider
    tests for IPv4 and IPv6.
    
    IPtables silently omits rules with source and destination addresses that
    have a prefix length of zero (eg. 0.0.0.0/0) because they are functionally
    equivialent to not specifying any address. This was causing rules to be
    unecessarily reloaded.
    
    The behaviour of Util::IPcidr remains the same. Now includes some additional
    tests for it's identification of zero prefixlen IPv4 and IPv6 addresses.
    dcarley committed May 25, 2012