Add protocol parameter to jail define

manifests/jail.pp

@@ -17,6 +17,7 @@
 #             If empty, defaults to == $jailname.
 # $ignoreip - Don't ban a host which matches an address in this list.
 # $port     - The port to filter. It can be an array of ports.
+# $protocol - The protocol for this jail's action.
 # $logpath  - The log file to monitor
 # $maxretry - How many fails are acceptable
 # $action   - The action to take when fail2ban finds $maxretry $filter-matching
@@ -32,6 +33,7 @@ define fail2ban::jail (
   $filter    = '',
   $ignoreip  = '',
   $port      = '',
+  $protocol  = '',
   $action    = '',
   $logpath   = '',
   $maxretry  = '',
@@ -80,6 +82,11 @@ define fail2ban::jail (
     default   => $port,
   }
 
+  $real_protocol = $protocol ? {
+    ''      => undef,
+    default => $protocol,
+  }
+
   $array_action = is_array($action) ? {
     false     => $action ? {
       ''      => [],

spec/defines/fail2ban_jail_spec.rb

@@ -37,6 +37,7 @@ filter   = fail2ban::jail
       {
         :name     => 'sample1',
         :port     => ['42', '43'],
+        :protocol => 'udp',
         :logpath  => '/path/to/somelog',
         :enable   => true,
         :ignoreip => [ '10.3.2.0/24', '192.168.56.0/24' ],
@@ -56,6 +57,7 @@ enabled  = true
 filter   = fail2ban::jail
 ignoreip = 10.3.2.0/24 192.168.56.0/24
 port     = 42,43
+protocol = udp
 action   = iptables[name=SSH, port=ssh, protocol=tcp]
 	mail-whois[name=SSH, dest=yourmail@mail.com]
 logpath  = /path/to/somelog

templates/concat/jail.local-stanza.erb

@@ -10,6 +10,9 @@ ignoreip = <%= @array_ignoreip * ' ' %>
 <% if @array_port != [] -%>
 port     = <%= @array_port * ',' %>
 <% end -%>
+<% if @real_protocol -%>
+protocol = <%= @real_protocol %>
+<% end -%>
 <% if @array_action != [] -%>
 action   = <%= @array_action.join("\n\t") %>
 <% end -%>