If the name is too long for netfilter, hash it
authorPeter Palfrader <peter@palfrader.org>
Mon, 16 Sep 2019 09:02:30 +0000 (11:02 +0200)
committerPeter Palfrader <peter@palfrader.org>
Mon, 16 Sep 2019 09:02:30 +0000 (11:02 +0200)
modules/ferm/manifests/rule/simple.pp

index fff04a3..f3a058d 100644 (file)
@@ -43,7 +43,12 @@ define ferm::rule::simple (
                     domain (<%= @real_domain.join(' ') %>) {
                       table <%= @table %> {
                         <%-
+                        # netfilter chain names are limited to 28 characters, so if name is too long, we'll have to do something about that
                         name = @name
+                        if name.size > 20 then
+                          require 'digest'
+                          name = 'dgst-' + Digest::SHA256.hexdigest(name)[0,15]
+                        end
                         tail = "jump #{@target}"
                         -%>
                         <%=
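Review bot: The added comment gives the netfilter limit as 28 characters, but the guard below it fires at `name.size > 20` and the replacement is exactly 20 characters (`dgst-` plus 15 hex digits), so the 8 characters of headroom are unexplained. Presumably the rest of the template, which lies outside this hunk, adds a prefix or suffix to `name`; the comment should say so, e.g. `# chain names are limited to 28 characters and <N> more are added below, so hash anything over 20`, with the real figure filled in. The kernel limit is counted in bytes while `String#size` counts characters, so `if name.bytesize > 20` would be the safer test if resource titles can ever contain non-ASCII text. Truncating SHA-256 to 60 bits is ample against accidental collisions, but a collision, or a short rule whose title itself begins with `dgst-`, would silently put two rules into the same chain, which deserves a sentence in the define's documentation.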