From 37362d5410dc0059f27715c8f9c8956e3542f345 Mon Sep 17 00:00:00 2001
From: Andreas Kempe <kempe@lysator.liu.se>
Date: Fri, 6 Dec 2024 22:15:53 +0100
Subject: [PATCH] iptables: change action to jump

According to the firewall module documentation, the action parameter has changed name to jump.
---
 manifests/iptables/pre.pp | 22 +++++++++++-----------
 manifests/iptables_default_deny.pp | 16 ++++++++--------
 manifests/iptables_only_lysator.pp | 12 ++++++------
 3 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/manifests/iptables/pre.pp b/manifests/iptables/pre.pp
index 528b3ed..55e16d2 100644
--- a/manifests/iptables/pre.pp
+++ b/manifests/iptables/pre.pp
@@ -6,61 +6,61 @@ class lysnetwork::iptables::pre {
 firewall { '000 accept all icmp':
 proto => 'icmp',
- action => 'accept',
+ jump => 'accept',
 } ->
 firewall { '001 accept all to lo interface':
 proto => 'all',
 iniface => 'lo',
- action => 'accept',
+ jump => 'accept',
 } ->
 firewall { '002 accept all from Lysator':
 proto => 'all',
 source => '130.236.254.0/24',
- action => 'accept',
+ jump => 'accept',
 } ->
 firewall { '003 accept all from Lysator':
 proto => 'all',
 source => '130.236.253.0/24',
- action => 'accept',
+ jump => 'accept',
 } ->
 firewall { '004 accept all from Lysator':
 proto => 'all',
 source => '192.168.0.0/16',
- action => 'accept',
+ jump => 'accept',
 } ->
 firewall { '005 accept all from Lysator':
 proto => 'all',
 source => '172.16.0.0/12',
- action => 'accept',
+ jump => 'accept',
 } ->
 firewall { '006 accept all from Lysator':
 proto => 'all',
 source => '10.0.0.0/9',
- action => 'accept',
+ jump => 'accept',
 } ->
 firewall { '007 accept related established rules':
 proto => 'all',
 state => ['RELATED', 'ESTABLISHED'],
- action => 'accept',
+ jump => 'accept',
 }
 # IPv6 config
 firewall { '000 accept all icmp IPv6':
 proto => 'ipv6-icmp',
- action => 'accept',
+ jump => 'accept',
 protocol => 'ip6tables',
 } ->
 firewall { '001 accept all from Lysator IPv6':
 proto => 'all',
 source => '2001:6b0:17:f0a0::0/64',
- action => 'accept',
+ jump => 'accept',
 protocol => 'ip6tables',
 } ->
 firewall { '002 accept related established rules IPv6':
 proto => 'all',
 state => ['RELATED', 'ESTABLISHED'],
- action => 'accept',
+ jump => 'accept',
 protocol => 'ip6tables',
 }
 }
diff --git a/manifests/iptables_default_deny.pp b/manifests/iptables_default_deny.pp
index c4c9ea1..ca9ac09 100644
--- a/manifests/iptables_default_deny.pp
+++ b/manifests/iptables_default_deny.pp
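Review bot: Rule '006 accept all from Lysator' in pre.pp matches `source => '10.0.0.0/9'`, which covers only 10.0.0.0 through 10.127.255.255, while its neighbours '004' and '005' use the full RFC 1918 blocks 192.168.0.0/16 and 172.16.0.0/12. If the whole private 10/8 block is meant, the line should read `source => '10.0.0.0/8',`; if the half block is deliberate, a comment above the rule such as `# 10.0.0.0/9 is intentional: <reason>` would keep it from being silently widened later. The commit only renames the attribute next to it, so the prefix predates this change, but it sits on the new side of an accept-all rule and is worth confirming now. The class body starts above the hunk.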
@@ -24,36 +24,36 @@ class lysnetwork::iptables_default_deny {
 firewall { '000 accept all icmp':
 proto => icmp,
- action => accept,
+ jump => 'accept',
 } ->
 firewall { '001 accept all on lo':
 proto => all,
 iniface => 'lo',
- action => accept,
+ jump => 'accept',
 } ->
 firewall { '002 accept related and established':
 proto => all,
 state => ['RELATED', 'ESTABLISHED',],
- action => accept,
+ jump => 'accept',
 }
 # IPV6
 firewall { '000 accept all icmp ipv6':
 proto => 'ipv6-icmp',
- action => accept,
+ jump => 'accept',
 protocol => 'ip6tables',
 } ->
 firewall { '001 accept all on lo ipv6':
 proto => all,
 iniface => 'lo',
- action => accept,
+ jump => 'accept',
 protocol => 'ip6tables',
 } ->
 firewall { '002 accept related and established ipv6':
 proto => all,
 state => ['RELATED', 'ESTABLISHED',],
- action => accept,
+ jump => 'accept',
 protocol => 'ip6tables',
 }
@@ -61,13 +61,13 @@ class lysnetwork::iptables_default_deny {
 firewall { '922 allow ssh':
 proto => tcp,
 dport => '22',
- action => accept,
+ jump => 'accept',
 }
 firewall { '922 allow ssh ipv6':
 proto => tcp,
 dport => '22',
- action => accept,
+ jump => 'accept',
 protocol => 'ip6tables',
 }
 }
diff --git a/manifests/iptables_only_lysator.pp b/manifests/iptables_only_lysator.pp
index fb574a2..d5f6df6 100644
--- a/manifests/iptables_only_lysator.pp
+++ b/manifests/iptables_only_lysator.pp
@@ -23,19 +23,19 @@ class lysnetwork::iptables_only_lysator {
 firewall { '001 accept all on lo':
 proto => all,
 iniface => 'lo',
- action => accept,
+ jump => 'accept',
 }
 firewall { '002 accept related and established':
 proto => all,
 state => ['RELATED', 'ESTABLISHED',],
- action => accept,
+ jump => 'accept',
 }
 firewall { '003 allow lysators ipv4 network':
 proto => all,
 source => '130.236.254.0/24',
- action => accept,
+ jump => 'accept',
 protocol => 'iptables'
 }
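Review bot: Nothing in the commit records which release of the firewall module these manifests now need, starting with '000 accept all icmp' in iptables_default_deny.pp and applying equally to every `jump => 'accept'` line in the other hunks. Older releases of the module, as far as I recall, documented that accept, drop and reject had to be passed through `action` and were not valid `jump` values, so a node that still carries the old module would presumably fail its Puppet run on these resources instead of applying the rules. A lower bound on the firewall dependency in metadata.json, `"version_requirement": ">= <first release that accepts jump => 'accept'>"`, would surface that as an explicit dependency error. metadata.json is not part of this patch, so this may already be in place.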
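Review bot: Rules '922 allow ssh' and '922 allow ssh ipv6' accept TCP port 22 with no `source`, so in a class named default-deny SSH remains reachable from any address over both IPv4 and IPv6. If that is the intent, state it in a comment above the pair, for example `# SSH is deliberately reachable from any source`. If it is not, a `source` limited to the Lysator prefixes used elsewhere in this commit (`130.236.254.0/24`, `2001:6b0:17:f0a0::/64`) would bring the rules in line with the other classes. The class body begins before this hunk.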
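Review bot: In iptables_only_lysator.pp only '003 allow lysators ipv4 network' spells out `protocol => 'iptables'`, while '001' and '002' in the same hunk leave the attribute to the type's default, and that line also lacks the trailing comma every other attribute line has. Either drop the attribute or set it on all three IPv4 rules, and write it as `protocol => 'iptables',`. The same missing comma appears on `protocol => 'ip6tables'` in '003 allow lysators ipv6 network' in the next hunk. The class starts above this hunk.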
@@ -44,21 +44,21 @@ class lysnetwork::iptables_only_lysator {
 firewall { '001 accept all on lo ipv6':
 proto => all,
 iniface => 'lo',
- action => accept,
+ jump => 'accept',
 protocol => 'ip6tables',
 }
 firewall { '002 accept related and established ipv6':
 proto => all,
 state => ['RELATED', 'ESTABLISHED',],
- action => accept,
+ jump => 'accept',
 protocol => 'ip6tables',
 }
 firewall { '003 allow lysators ipv6 network':
 proto => all,
 source => '2001:6b0:17:f0a0::/64',
- action => accept,
+ jump => 'accept',
 protocol => 'ip6tables'
 }
 }
--
GitLab
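Review bot: The IPv6 rules of iptables_only_lysator.pp accept loopback, related/established traffic and the Lysator /64, but nothing for `ipv6-icmp`, unlike pre.pp and iptables_default_deny.pp in this same commit. If the class sets a drop policy or a final drop rule outside the hunk (not visible here), neighbour discovery from link-local addresses would not match `2001:6b0:17:f0a0::/64` and the host's IPv6 reachability could break, so this is worth confirming. An ICMPv6 accept rule ahead of '001', as in the sibling classes, would cover it. The title below is copied from iptables_default_deny.pp on the assumption that the two classes are never applied to the same node, which their shared '001 accept all on lo' titles already imply. The class body starts before the hunk.

```puppet
# ICMPv6 (neighbour discovery, path MTU discovery) must pass before any drop
firewall { '000 accept all icmp ipv6':
  proto    => 'ipv6-icmp',
  jump     => 'accept',
  protocol => 'ip6tables',
}

# … unchanged: '001 accept all on lo ipv6' and the rules after it …
```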