Merge pull request #16 from lazyfrosch/master
Added protocol as parameter to fail2ban jails
diff --git a/.travis.yml b/.travis.yml
index e888912..dae24e9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,7 +4,7 @@
- 1.8.7
- 1.9.3
- 2.0.0
-script: "bundle exec rake spec SPEC_OPTS='--format documentation'"
+script: "bundle exec rake spec SPEC_OPTS='--format documentation' && bundle exec rake test"
branches:
only:
master
diff --git a/Rakefile b/Rakefile
index e18c5cc..b3942b3 100644
--- a/Rakefile
+++ b/Rakefile
@@ -17,6 +17,7 @@
PuppetLint.configuration.send("disable_80chars")
PuppetLint.configuration.log_format = "%{path}:%{linenumber}:%{check}:%{KIND}:%{message}"
PuppetLint.configuration.fail_on_warnings = true
+PuppetLint.configuration.relative = true
# Forsake support for Puppet 2.6.2 for the benefit of cleaner code.
# http://puppet-lint.com/checks/class_parameter_defaults/
diff --git a/manifests/init.pp b/manifests/init.pp
index fc7fdda..185274e 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -422,18 +422,18 @@
### Managed resources
package { $fail2ban::package:
- ensure => $fail2ban::manage_package,
- noop => $fail2ban::noops,
+ ensure => $fail2ban::manage_package,
+ noop => $fail2ban::noops,
}
service { 'fail2ban':
- ensure => $fail2ban::manage_service_ensure,
- name => $fail2ban::service,
- enable => $fail2ban::manage_service_enable,
- hasstatus => $fail2ban::service_status,
- pattern => $fail2ban::process,
- require => Package[$fail2ban::package],
- noop => $fail2ban::noops,
+ ensure => $fail2ban::manage_service_ensure,
+ name => $fail2ban::service,
+ enable => $fail2ban::manage_service_enable,
+ hasstatus => $fail2ban::service_status,
+ pattern => $fail2ban::process,
+ require => Package[$fail2ban::package],
+ noop => $fail2ban::noops,
}
if $fail2ban::manage_file_source
diff --git a/manifests/jail.pp b/manifests/jail.pp
index 9837817..1ceb529 100644
--- a/manifests/jail.pp
+++ b/manifests/jail.pp
@@ -17,6 +17,7 @@
# If empty, defaults to == $jailname.
# $ignoreip - Don't ban a host which matches an address in this list.
# $port - The port to filter. It can be an array of ports.
+# $protocol - The protocol for this jail's action.
# $logpath - The log file to monitor
# $maxretry - How many fails are acceptable
# $action - The action to take when fail2ban finds $maxretry $filter-matching
@@ -32,6 +33,7 @@
$filter = '',
$ignoreip = '',
$port = '',
+ $protocol = '',
$action = '',
$logpath = '',
$maxretry = '',
@@ -80,6 +82,11 @@
default => $port,
}
+ $real_protocol = $protocol ? {
+ '' => undef,
+ default => $protocol,
+ }
+
$array_action = is_array($action) ? {
false => $action ? {
'' => [],
diff --git a/spec/defines/fail2ban_jail_spec.rb b/spec/defines/fail2ban_jail_spec.rb
index 4824155..15e1def 100644
--- a/spec/defines/fail2ban_jail_spec.rb
+++ b/spec/defines/fail2ban_jail_spec.rb
@@ -37,6 +37,7 @@
{
:name => 'sample1',
:port => ['42', '43'],
+ :protocol => 'udp',
:logpath => '/path/to/somelog',
:enable => true,
:ignoreip => [ '10.3.2.0/24', '192.168.56.0/24' ],
@@ -56,6 +57,7 @@
filter = fail2ban::jail
ignoreip = 10.3.2.0/24 192.168.56.0/24
port = 42,43
+protocol = udp
action = iptables[name=SSH, port=ssh, protocol=tcp]
mail-whois[name=SSH, dest=yourmail@mail.com]
logpath = /path/to/somelog
diff --git a/templates/concat/jail.local-stanza.erb b/templates/concat/jail.local-stanza.erb
index 2849cc5..eda4b21 100644
--- a/templates/concat/jail.local-stanza.erb
+++ b/templates/concat/jail.local-stanza.erb
@@ -10,6 +10,9 @@
<% if @array_port != [] -%>
port = <%= @array_port * ',' %>
<% end -%>
+<% if @real_protocol -%>
+protocol = <%= @real_protocol %>
+<% end -%>
<% if @array_action != [] -%>
action = <%= @array_action.join("\n\t") %>
<% end -%>