From: Peter Palfrader
Date: Mon, 16 Sep 2019 09:02:30 +0000 (+0200)
Subject: If the name is too long for netfilter, hash it
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=ec61943b75f486924e9f8b3493f6f2bd6c8e9ec9;p=mirror%2Fdsa-puppet.git

If the name is too long for netfilter, hash it
---
diff --git a/modules/ferm/manifests/rule/simple.pp b/modules/ferm/manifests/rule/simple.pp
index fff04a3ec..f3a058d21 100644
--- a/modules/ferm/manifests/rule/simple.pp
+++ b/modules/ferm/manifests/rule/simple.pp
@@ -43,7 +43,12 @@ define ferm::rule::simple (
 domain (<%= @real_domain.join(' ') %>) {
 table <%= @table %> {
 <%-
+ # netfilter chain names are limited to 28 characters, so if name is too long, we'll have to do something about that
 name = @name
+ if name.size > 20 then
+ require 'digest'
+ name = 'dgst-' + Digest::SHA256.hexdigest(name)[0,15]
+ end
 tail = "jump #{@target}"
 -%>
 <%=
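Review bot: The added comment gives netfilter's limit as 28 characters, but the guard on the next added line is `if name.size > 20`, and nothing in the hunk says where the other 8 characters go. Presumably the template adds a prefix or suffix to `name` further down (the inline template continues outside the hunk); if so, the comment should say it, e.g. `# limit is 28; keep the base name <= 20 to leave room for what the template adds to it`. `name.size` counts characters while the kernel limit is in bytes, so `name.bytesize > 20` is the safer test should a resource title ever contain non-ASCII text. A `dgst-…` chain is also opaque when someone audits the loaded ruleset, so it would help to emit the original `@name` in a comment next to the generated rule so the chain can be traced back to its Puppet resource.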