From ec61943b75f486924e9f8b3493f6f2bd6c8e9ec9 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Mon, 16 Sep 2019 11:02:30 +0200
Subject: [PATCH] If the name is too long for netfilter, hash it
---
 modules/ferm/manifests/rule/simple.pp | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/modules/ferm/manifests/rule/simple.pp b/modules/ferm/manifests/rule/simple.pp
index fff04a3ec..f3a058d21 100644
--- a/modules/ferm/manifests/rule/simple.pp
+++ b/modules/ferm/manifests/rule/simple.pp
@@ -43,7 +43,12 @@ define ferm::rule::simple (
 domain (<%= @real_domain.join(' ') %>) {
 table <%= @table %> {
 <%-
+ # netfilter chain names are limited to 28 characters, so if name is too long, we'll have to do something about that
 name = @name
+ if name.size > 20 then
+ require 'digest'
+ name = 'dgst-' + Digest::SHA256.hexdigest(name)[0,15]
+ end
 tail = "jump #{@target}"
 -%>
 <%=
--
2.20.1
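Review bot: The added comment gives the netfilter limit as 28 characters, but the check is `name.size > 20` and nothing in the hunk accounts for the other 8 characters. Presumably the template adds a prefix or suffix to `name` further down, outside this hunk; if so, say that next to the check, e.g. `# 20 = 28 minus the <N> characters added to the chain name below`, so the two numbers cannot drift apart unnoticed. The replacement name is `'dgst-'` plus 15 hex digits (60 bits of the SHA-256), which makes an accidental collision between two long rule names very unlikely. It does mean the chain can no longer be traced back to its Puppet resource when someone audits the loaded ruleset, so consider also emitting the original `@name` as a comment in the generated ferm output. The ERB block continues past the end of the hunk.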