Add protocol parameter to jail define
diff --git a/manifests/jail.pp b/manifests/jail.pp
index 9837817..1ceb529 100644
--- a/manifests/jail.pp
+++ b/manifests/jail.pp
@@ -17,6 +17,7 @@
# If empty, defaults to == $jailname.
# $ignoreip - Don't ban a host which matches an address in this list.
# $port - The port to filter. It can be an array of ports.
+# $protocol - The protocol for this jail's action.
# $logpath - The log file to monitor
# $maxretry - How many fails are acceptable
# $action - The action to take when fail2ban finds $maxretry $filter-matching
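Review bot: The new `$protocol` comment does not say which values are expected or what an empty value does. Going by the template change in this commit, an empty string means no `protocol` line is written at all, so the jail falls back to whatever fail2ban inherits from its defaults. I would spell that out, for example `# $protocol - Protocol passed to the jail's actions (e.g. tcp, udp). If empty, no protocol line is written and the fail2ban default applies.`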
@@ -32,6 +33,7 @@
$filter = '',
$ignoreip = '',
$port = '',
+ $protocol = '',
$action = '',
$logpath = '',
$maxretry = '',
@@ -80,6 +82,11 @@
default => $port,
}
+ $real_protocol = $protocol ? {
+ '' => undef,
+ default => $protocol,
+ }
+
$array_action = is_array($action) ? {
false => $action ? {
'' => [],
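Review bot: `$protocol` is passed through to `$real_protocol` unchecked, and the template writes it verbatim into the jail stanza (`protocol = <%= @real_protocol %>`). A value containing a newline, or an array (which `$port` handles but this parameter does not), would therefore produce extra or malformed lines in jail.local. Since the define already relies on stdlib (`is_array`), a guard before the selector such as `validate_re($protocol, '\A(tcp|udp|icmp|all)?\z')` would fail the catalog early. Use `\A`/`\z` rather than `^`/`$`, because the latter match per line in Ruby, and adjust the list to what your actions accept. The surrounding define body starts and ends outside this hunk, so I cannot see whether other parameters are validated the same way.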
diff --git a/spec/defines/fail2ban_jail_spec.rb b/spec/defines/fail2ban_jail_spec.rb
index 4824155..15e1def 100644
--- a/spec/defines/fail2ban_jail_spec.rb
+++ b/spec/defines/fail2ban_jail_spec.rb
@@ -37,6 +37,7 @@
{
:name => 'sample1',
:port => ['42', '43'],
+ :protocol => 'udp',
:logpath => '/path/to/somelog',
:enable => true,
:ignoreip => [ '10.3.2.0/24', '192.168.56.0/24' ],
@@ -56,6 +57,7 @@
filter = fail2ban::jail
ignoreip = 10.3.2.0/24 192.168.56.0/24
port = 42,43
+protocol = udp
action = iptables[name=SSH, port=ssh, protocol=tcp]
mail-whois[name=SSH, dest=yourmail@mail.com]
logpath = /path/to/somelog
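Review bot: The spec only covers the case where `:protocol` is set. The `'' => undef` branch and the template's `if @real_protocol` guard are never exercised. I would add a context that omits `:protocol` and asserts the rendered stanza contains no `protocol =` line, since that is the default path every existing jail will take after this change. Separately, the fixture's action still hard-codes `protocol=tcp` while the jail now says `udp`, which may confuse readers about which value takes effect. Consider making the fixture consistent.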
diff --git a/templates/concat/jail.local-stanza.erb b/templates/concat/jail.local-stanza.erb
index 2849cc5..eda4b21 100644
--- a/templates/concat/jail.local-stanza.erb
+++ b/templates/concat/jail.local-stanza.erb
@@ -10,6 +10,9 @@
<% if @array_port != [] -%>
port = <%= @array_port * ',' %>
<% end -%>
+<% if @real_protocol -%>
+protocol = <%= @real_protocol %>
+<% end -%>
<% if @array_action != [] -%>
action = <%= @array_action.join("\n\t") %>
<% end -%>