use verbose multiport syntax for better compat

The dports/sports shortcut is only supported starting with ferm v2.5 which
was released very recently.
In order to support a wider range of distributions and ferm versions,
this commits switches to the more verbose version of the multiport
features.

diff --git a/manifests/rule.pp b/manifests/rule.pp
index 458bef63c41e0308165e58690f24ccb187edc4ae..e44d04a03b6dd212fd5ca7593deca9e5ea55043c 100644 (file)
--- a/manifests/rule.pp
+++ b/manifests/rule.pp
@@ -98,7 +98,7 @@ define ferm::rule (
   # ferm supports implicit multiport using the "dports" shortcut
   if $dport =~ Array {
     $dports = join($dport, ' ')
-    $dport_real = "dports (${dports})"
+    $dport_real = "mod multiport destination-ports (${dports})"
   } elsif $dport =~ Integer {
     $dport_real = "dport ${dport}"
   } else {
@@ -108,7 +108,7 @@ define ferm::rule (
   # ferm supports implicit multiport using the "sports" shortcut
   if $sport =~ Array {
     $sports = join($sport, ' ')
-    $sport_real = "sports (${sports})"
+    $sport_real = "mod multiport source-ports (${sports})"
   } elsif $sport =~ Integer {
     $sport_real = "sport ${sport}"
   } else {

diff --git a/spec/defines/rule_spec.rb b/spec/defines/rule_spec.rb
index f1887b614c8a78dce97923dbf78d28bf86923090..b2a2abd33277007757d5ad76fa3ab98f08eb914e 100644 (file)
--- a/spec/defines/rule_spec.rb
+++ b/spec/defines/rule_spec.rb
@@ -127,7 +127,7 @@ describe 'ferm::rule', type: :define do
         end
 
         it { is_expected.to compile.with_all_deps }
-        it { is_expected.to contain_concat__fragment('INPUT-filter-consul').with_content("mod comment comment 'filter-consul' proto (tcp udp) dports (8301 8302) saddr @ipfilter((127.0.0.1)) ACCEPT;\n") }
+        it { is_expected.to contain_concat__fragment('INPUT-filter-consul').with_content("mod comment comment 'filter-consul' proto (tcp udp) mod multiport destination-ports (8301 8302) saddr @ipfilter((127.0.0.1)) ACCEPT;\n") }
         it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') }
         it { is_expected.to contain_concat__fragment('filter-FORWARD-config-include') }
         it { is_expected.to contain_concat__fragment('filter-OUTPUT-config-include') }