voxpupuli / puppet-ferm

Puppet module to manage the ferm firewall tooling
GNU Affero General Public License v3.0

ensure correct ordering of concat::fragments #171

Open kBite opened 9 months ago

kBite commented 9 months ago

Fragments that share the same order number are ordered by name.

"${chain}-${interface}-aaa"
"${chain}-${interface}-${name}"
"${chain}-${interface}-zzz"

If the name starts with an upper-case letter, they're placed outside of interface eth0 {}:

  mod comment comment 'AAA-minimal_example' proto all ACCEPT;
interface eth0 {
  mod comment comment 'aaa-minimal_example:' proto all ACCEPT;
  mod comment comment 'minimal_example' proto all ACCEPT;
}

I looked into testing for correct ordering, but didn't find a working solution.

There is (e.g.) .that_comes_before, but that's testing against before => ....

I also unsuccessfully tried testing against the content of File[/etc/ferm.d/chains/INPUT.conf] generated by concat_file.
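
The ordering problem reported above, as an added example that is not part of the original comment or of the module's code. It is a Ruby model that assumes fragments sharing an order number are sorted by title with byte-wise string comparison and that rule lines look like the output above; `render`, `escaped_rules` and `RULE` are hypothetical names.

```ruby
# Added model, not puppet-ferm or puppetlabs-concat code.
# Assumption: fragments with the same order number are sorted by title,
# compared byte-wise, as the issue reports.

RULE = "  mod comment comment '%s' proto all ACCEPT;" # line format from the output above

# Build title => content for one chain/interface, using the three title
# patterns quoted in the issue, and return the lines in sorted-title order.
def render(chain, interface, rule_names)
  prefix = "#{chain}-#{interface}-"
  frags = {
    "#{prefix}aaa" => "interface #{interface} {",
    "#{prefix}zzz" => '}'
  }
  rule_names.each { |n| frags["#{prefix}#{n}"] = format(RULE, n) }
  frags.sort_by { |title, _| title }.map { |_, content| content }
end

# Rule names whose fragment sorts before the opening fragment or after the
# closing one, i.e. rules that would no longer be scoped to the interface.
def escaped_rules(chain, interface, rule_names)
  prefix = "#{chain}-#{interface}-"
  rule_names.reject do |n|
    title = "#{prefix}#{n}"
    title > "#{prefix}aaa" && title < "#{prefix}zzz"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input, based on the rule names visible in the output above.
  names = %w[minimal_example AAA-minimal_example aaa-minimal_example]
  puts render('INPUT', 'eth0', names)
  puts "outside block: #{escaped_rules('INPUT', 'eth0', names).inspect}"
end
```

Under this model, names starting with an upper-case letter, a digit or an underscore all sort before `aaa` in byte order, and names that sort after `zzz` fall past the closing brace.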