diff --git a/README.md b/README.md
index 1c2e2716..c3ec4b35 100644
--- a/README.md
+++ b/README.md
@@ -636,7 +636,7 @@ firewalld::direct_chains:
#### Parameters (Firewalld Direct Chains)
* `name`: name of the chain, eg `LOG_DROPS` (namevar)
-* `inet_protocol`: ipv4 or ipv6, defaults to ipv4 (namevar)
+* `inet_protocol`: ipv4, ipv6 or eb, defaults to ipv4 (namevar)
* `table`: The table (eg: filter) to apply the chain (namevar)
### Firewalld Direct Rules
@@ -674,7 +674,7 @@ firewalld::direct_rules:
* `name`: Resource name in Puppet
* `ensure`: present or absent
-* `inet_protocol`: ipv4 or ipv6, defaults to ipv4
+* `inet_protocol`: ipv4, ipv6 or eb, defaults to ipv4
* `table`: Table (eg: filter) which to apply the rule
* `chain`: Chain (eg: OUTPUT) which to apply the rule
* `priority`: The priority number of the rule (e.g: 0, 1, 2, ... 99)
@@ -709,7 +709,7 @@ firewalld::direct_passthroughs:
* `name`: Resource name in Puppet
* `ensure`: present or absent
-* `inet_protocol`: ipv4 or ipv6, defaults to ipv4
+* `inet_protocol`: ipv4, ipv6 or eb, defaults to ipv4
* `args`: Name of the passthroughhrough to add (e.g:
-A OUTPUT -j OUTPUT_filter)
diff --git a/REFERENCE.md b/REFERENCE.md
index 6f7176d0..b7c735d7 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -490,11 +490,11 @@ The following parameters are available in the `firewalld_direct_chain` type.
##### `inet_protocol`
-Valid values: `ipv4`, `ipv6`
+Valid values: `ipv4`, `ipv6`, `eb`
namevar
-Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)
+Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)
Default value: `ipv4`
@@ -559,9 +559,9 @@ Name of the passthroughhrough to add (e.g: -A OUTPUT -j OUTPUT_filter)
##### `inet_protocol`
-Valid values: `ipv4`, `ipv6`
+Valid values: `ipv4`, `ipv6`, `eb`
-Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)
+Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)
Default value: `ipv4`
@@ -669,9 +669,9 @@ Name of the chain type to add (e.g: INPUT, OUTPUT, FORWARD)
##### `inet_protocol`
-Valid values: `ipv4`, `ipv6`
+Valid values: `ipv4`, `ipv6`, `eb`
-Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)
+Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)
Default value: `ipv4`
@@ -1043,9 +1043,9 @@ Specify destination address, this can be a string of the IP address or a hash co
##### `family`
-Valid values: `ipv4`, `ipv6`
+Valid values: `ipv4`, `ipv6`, `eb`
-IP family, one of ipv4 or ipv6, defauts to ipv4
+IP family, one of ipv4, ipv6 or eb, defauts to ipv4
Default value: `ipv4`
diff --git a/lib/puppet/type/firewalld_direct_chain.rb b/lib/puppet/type/firewalld_direct_chain.rb
index aa3c715d..81b962d8 100644
--- a/lib/puppet/type/firewalld_direct_chain.rb
+++ b/lib/puppet/type/firewalld_direct_chain.rb
@@ -39,8 +39,8 @@ def self.title_patterns
end
newparam(:inet_protocol) do
- desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)'
- newvalues('ipv4', 'ipv6')
+ desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)'
+ newvalues('ipv4', 'ipv6', 'eb')
defaultto('ipv4')
munge(&:to_s)
isnamevar
diff --git a/lib/puppet/type/firewalld_direct_passthrough.rb b/lib/puppet/type/firewalld_direct_passthrough.rb
index 7ac2c0a2..a5eab941 100644
--- a/lib/puppet/type/firewalld_direct_passthrough.rb
+++ b/lib/puppet/type/firewalld_direct_passthrough.rb
@@ -27,8 +27,8 @@
end
newparam(:inet_protocol) do
- desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)'
- newvalues('ipv4', 'ipv6')
+ desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)'
+ newvalues('ipv4', 'ipv6', 'eb')
defaultto('ipv4')
munge(&:to_s)
end
diff --git a/lib/puppet/type/firewalld_direct_rule.rb b/lib/puppet/type/firewalld_direct_rule.rb
index 20b45a01..65d8e963 100644
--- a/lib/puppet/type/firewalld_direct_rule.rb
+++ b/lib/puppet/type/firewalld_direct_rule.rb
@@ -28,8 +28,8 @@
end
newparam(:inet_protocol) do
- desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)'
- newvalues('ipv4', 'ipv6')
+ desc 'Name of the TCP/IP protocol to use (e.g: ipv4, ipv6, eb)'
+ newvalues('ipv4', 'ipv6', 'eb')
defaultto('ipv4')
munge(&:to_s)
end
diff --git a/lib/puppet/type/firewalld_rich_rule.rb b/lib/puppet/type/firewalld_rich_rule.rb
index f75f428f..b03e8e57 100644
--- a/lib/puppet/type/firewalld_rich_rule.rb
+++ b/lib/puppet/type/firewalld_rich_rule.rb
@@ -42,8 +42,8 @@
end
newparam(:family) do
- desc 'IP family, one of ipv4 or ipv6, defauts to ipv4'
- newvalues(:ipv4, :ipv6)
+ desc 'IP family, one of ipv4, ipv6 or eb, defauts to ipv4'
+ newvalues(:ipv4, :ipv6, :eb)
defaultto :ipv4
munge(&:to_s)
end
diff --git a/spec/unit/puppet/type/firewalld_direct_rule_spec.rb b/spec/unit/puppet/type/firewalld_direct_rule_spec.rb
index df9a9741..e50c9d9d 100644
--- a/spec/unit/puppet/type/firewalld_direct_rule_spec.rb
+++ b/spec/unit/puppet/type/firewalld_direct_rule_spec.rb
@@ -81,6 +81,32 @@
end
end
+ describe 'eb protocol' do
+ let(:resource) do
+ described_class.new(
+ name: 'disable vnet stp',
+ ensure: 'present',
+ inet_protocol: 'eb',
+ table: 'filter',
+ chain: 'FORWARD',
+ priority: 10,
+ args: '-i vnet+ -d BGA -j DROP'
+ )
+ end
+
+ let(:provider) { resource.provider }
+
+ it 'creates' do
+ provider.expects(:execute_firewall_cmd).with(['--direct', '--add-rule', ['eb', 'filter', 'FORWARD', '10', '-i', 'vnet+', '-d', 'BGA', '-j', 'DROP']], nil)
+ provider.create
+ end
+
+ it 'destroys' do
+ provider.expects(:execute_firewall_cmd).with(['--direct', '--remove-rule', ['eb', 'filter', 'FORWARD', '10', '-i', 'vnet+', '-d', 'BGA', '-j', 'DROP']], nil)
+ provider.destroy
+ end
+ end
+
context 'autorequires' do
# rubocop:disable RSpec/InstanceVariable
before do