Allow a singular numeric port for the --to-ports parameter

Resolves puppetlabs#1186
gcoxmoz · Mar 27, 2024 · bc93563 · bc93563
1 parent 6620ad2
commit bc93563
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 4 deletions.
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
@@ -1189,7 +1189,7 @@
       DESC
     },
     toports: {
-      type: 'Optional[Pattern[/^\d+(?:-\d+)?$/]]',
+      type: 'Optional[Variant[Integer[0, 65535], Pattern[/^\d+(?:-\d+)?$/]]]',
       desc: <<-DESC
       For REDIRECT/MASQUERADE this is the port that will replace the destination/source port.
       Can specify a single new port or an inclusive range of ports.

diff --git a/spec/acceptance/firewall_attributes_happy_path_spec.rb b/spec/acceptance/firewall_attributes_happy_path_spec.rb
@@ -144,6 +144,13 @@ class { '::firewall': }
             jump    => 'REDIRECT',
             toports => '2222',
           }
+          firewall { '575 - toports-numeric':
+            proto   => icmp,
+            table   => 'nat',
+            chain   => 'PREROUTING',
+            jump    => 'REDIRECT',
+            toports => 3333,
+          }
           firewall { '581 - pkttype':
             ensure  => present,
             proto   => tcp,
@@ -441,6 +448,10 @@ class { '::firewall': }
       expect(result.stdout).to match(%r{-A PREROUTING -p (icmp|1) -m comment --comment "574 - toports" -j REDIRECT --to-ports 2222})
     end
 
+    it 'toports-numeric is set' do
+      expect(result.stdout).to match(%r{-A PREROUTING -p (icmp|1) -m comment --comment "575 - toports-numeric" -j REDIRECT --to-ports 3333})
+    end
+
     it 'rpfilter is set' do
       expect(result.stdout).to match(%r{-A PREROUTING -p (tcp|6) -m rpfilter --loose --validmark --accept-local --invert -m comment --comment "900 - set rpfilter" -j ACCEPT})
     end

diff --git a/spec/unit/puppet/type/firewall_spec.rb b/spec/unit/puppet/type/firewall_spec.rb
@@ -507,9 +507,9 @@
                 { name: '001 test rule', tosource: 313 }]
     },
     ':toports': {
-      valid: [{ name: '001 test rule', toports: '40' }, { name: '001 test rule', tosource: '50-60' }],
-      invalid: [{ name: '001 test rule', toports: 'invalid' }, { name: '001 test rule', toports: false },
-                { name: '001 test rule', toports: 313 }]
+      valid: [{ name: '001 test rule', toports: '40' }, { name: '001 test rule', tosource: '50-60' },
+              { name: '001 test rule', toports: 313 }],
+      invalid: [{ name: '001 test rule', toports: 'invalid' }, { name: '001 test rule', toports: false }]
     },
     ':to': {
       valid: [{ name: '001 test rule', to: '10.0.0.2' }, { name: '001 test rule', to: '10.0.0.2/24' }],