diff options
| author | Tim Meusel <tim@bastelfreak.de> | 2019-09-30 14:51:12 +0200 |
|---|---|---|
| committer | Tim Meusel <tim@bastelfreak.de> | 2019-10-01 16:27:42 +0200 |
| commit | d4b8909eab6194da389b121e46137da7618eb45c (patch) | |
| tree | 8cfc5af5a35a1557af027d68eccbd9def263dbde /manifests/chain.pp | |
| parent | 5d00a506f896fccb2485ebf3ea316f0156b80f8b (diff) | |
| download | puppet-ferm-d4b8909eab6194da389b121e46137da7618eb45c.tar.gz puppet-ferm-d4b8909eab6194da389b121e46137da7618eb45c.tar.bz2 | |
implement ipset support
Diffstat (limited to 'manifests/chain.pp')
| -rw-r--r-- | manifests/chain.pp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/manifests/chain.pp b/manifests/chain.pp index 10cc9c1..1be7e83 100644 --- a/manifests/chain.pp +++ b/manifests/chain.pp @@ -73,6 +73,10 @@ define ferm::chain ( } # make sure the generated snippet is actually included + # the ordering here is hacked. We might end up with multiple blocks for the same filter+chain. + # This happens if we add ipset matches. We suffix this ordering with `bbb`. This allows us to + # insert ipset matches before other rules by adding `-aaa` or + # insert them at the end by ordering them with `-ccc`. concat::fragment{"${table}-${chain}-config-include": target => $ferm::configfile, content => epp( @@ -83,7 +87,7 @@ define ferm::chain ( 'filename' => $filename, } ), - order => "${table}-${chain}", + order => "${table}-${chain}-bbb", require => Concat[$filename], } } |