Add configuration option for iptables_chain #42
Conversation
|
Hi @brwyatt, thanks for the PR. This repo got recently migrated to Vox Pupuli. Can you please rebase? |
|
@bastelfreak Should be good now! Let me know if you need any further assistance to get this merged in. Thanks! |
|
Noticed the new updates to master. I've rebased again accordingly. |
|
Hi @brwyatt, thanks for the rebase! Can you add at least one rspec test to verify the file content? |
|
I've added in some tests to make sure the line is present (default of "INPUT" when using the templates), and additionally checking when the parameter is changed that it appears when using a template. I'm hoping this is sufficient and what you were looking for. Feel free to point out if I've missed anything and I'll try to get things sorted out. |
|
Hey @bastelfreak Saw the updates on master and have rebased on those changes. Also noticed the added template for Let me know if you need anything else from me to before this can be merged. |
| end | ||
| end | ||
|
|
||
| context 'when content template and custom chain' do |
| @@ -33,6 +33,7 @@ | |||
| Integer[0] $bantime = 432000, | |||
| String $email = "fail2ban@${::domain}", | |||
| String $sender = "fail2ban@${::fqdn}", | |||
| String $iptables_chain = 'INPUT', | |||
|
Thanks for the updates @brwyatt ! |
iptablesis already pretty fiddly on its own. Allowing a user to select a custom chain for Fail2Ban to manage (instead of INPUT) will make this management quite a bit less headache-inducing.This change doesn't manage the chain, just instructs Fail2Ban to use it, via the config file.