voxpupuli / puppet-ferm

Puppet module to manage the ferm firewall tooling
GNU Affero General Public License v3.0

Enable negation of 'saddr', 'daddr', 'sport', and 'dport' #156

Closed kengelhardt-godaddy closed 1 year ago

kengelhardt-godaddy commented 2 years ago

I successfully tested negation with 'saddr', 'daddr', 'sport', and 'dport' using ferm v2.6.

The new parameter negate takes a String as well as an Array.

'forward_accept_rfc1918':
  chain: 'DOCKER-USER'
  action: 'ACCEPT'
  proto: 'tcp'
  saddr:
    - '10.0.0.0/8'
  negate: 'saddr'

'forward_accept_rfc1918':
  chain: 'DOCKER-USER'
  action: 'ACCEPT'
  proto: 'tcp'
  saddr:
    - '10.0.0.0/8'
  negate:
    - 'saddr'
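
The following is an added example, not code from this pull request or from puppet-ferm: a lint for rule data that normalises `negate` from either form and flags entries that name a parameter outside the four listed above or one the rule never sets. The helper names `check_negate` and `check_rules`, the sample rule names and the two failing rules are constructed for illustration.

```ruby
require 'yaml'

# Parameters the pull request says can be negated.
NEGATABLE = %w[saddr daddr sport dport].freeze

# Hypothetical helper (not part of puppet-ferm): accept `negate` as a
# String or an Array of Strings and report problems for one rule hash.
def check_negate(name, rule)
  raw = rule['negate']
  return { negated: [], errors: [] } if raw.nil?
  unless raw.is_a?(String) || (raw.is_a?(Array) && raw.all? { |v| v.is_a?(String) })
    return { negated: [], errors: ["#{name}: negate must be a String or an Array of Strings"] }
  end

  negated = Array(raw).uniq # 'saddr' and ['saddr'] both become ['saddr']
  errors = []
  negated.each do |param|
    if !NEGATABLE.include?(param)
      errors << "#{name}: '#{param}' cannot be negated"
    elsif rule[param].nil? || rule[param] == []
      # Negating an unset match would silently change nothing.
      errors << "#{name}: negate lists '#{param}' but the rule sets no #{param}"
    end
  end
  { negated: negated & NEGATABLE, errors: errors }
end

# Run the check over a whole hash of rules, keyed by rule name.
def check_rules(rules)
  rules.to_h { |name, rule| [name, check_negate(name, rule)] }
end

# Constructed sample data: the two forms shown above plus two faulty rules.
SAMPLE = YAML.safe_load(<<~RULES)
  string_form: { chain: DOCKER-USER, action: ACCEPT, proto: tcp, saddr: ['10.0.0.0/8'], negate: saddr }
  array_form:  { chain: DOCKER-USER, action: ACCEPT, proto: tcp, saddr: ['10.0.0.0/8'], negate: [saddr] }
  unset_param: { chain: INPUT, action: DROP, proto: tcp, negate: dport }
  bad_param:   { chain: INPUT, action: DROP, proto: tcp, negate: [proto] }
RULES

if __FILE__ == $PROGRAM_NAME
  check_rules(SAMPLE).each do |name, result|
    puts "#{name}: negated=#{result[:negated].inspect}"
    result[:errors].each { |e| puts "  ERROR #{e}" }
  end
end
```

A rule that negates `saddr` matches every source outside the listed ranges, so reviewing the normalised `negated` list next to the rule's `action` is worthwhile before deploying.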