From 7ae861c2163fecdfa9af8f6e5aed431acfcc2ed1 Mon Sep 17 00:00:00 2001
From: Markus Frosch
Date: Fri, 12 Sep 2014 11:38:39 +0200
Subject: [PATCH] Add protocol parameter to jail define
---
 manifests/jail.pp | 7 +++++++
 spec/defines/fail2ban_jail_spec.rb | 2 ++
 templates/concat/jail.local-stanza.erb | 3 +++
 3 files changed, 12 insertions(+)
diff --git a/manifests/jail.pp b/manifests/jail.pp
index 9837817..1ceb529 100644
--- a/manifests/jail.pp
+++ b/manifests/jail.pp
@@ -17,6 +17,7 @@
 # If empty, defaults to == $jailname.
 # $ignoreip - Don't ban a host which matches an address in this list.
 # $port - The port to filter. It can be an array of ports.
+# $protocol - The protocol for this jail's action.
 # $logpath - The log file to monitor
 # $maxretry - How many fails are acceptable
 # $action - The action to take when fail2ban finds $maxretry $filter-matching
@@ -32,6 +33,7 @@ define fail2ban::jail (
 $filter = '',
 $ignoreip = '',
 $port = '',
+ $protocol = '',
 $action = '',
 $logpath = '',
 $maxretry = '',
@@ -80,6 +82,11 @@ define fail2ban::jail (
 default => $port,
 }
 
+ $real_protocol = $protocol ? {
+ '' => undef,
+ default => $protocol,
+ }
+
 $array_action = is_array($action) ? {
 false => $action ? {
 '' => [],
diff --git a/spec/defines/fail2ban_jail_spec.rb b/spec/defines/fail2ban_jail_spec.rb
index 4824155..15e1def 100644
--- a/spec/defines/fail2ban_jail_spec.rb
+++ b/spec/defines/fail2ban_jail_spec.rb
@@ -37,6 +37,7 @@ filter = fail2ban::jail
 {
 :name => 'sample1',
 :port => ['42', '43'],
+ :protocol => 'udp',
 :logpath => '/path/to/somelog',
 :enable => true,
 :ignoreip => [ '10.3.2.0/24', '192.168.56.0/24' ],
@@ -56,6 +57,7 @@ enabled = true
 filter = fail2ban::jail
 ignoreip = 10.3.2.0/24 192.168.56.0/24
 port = 42,43
+protocol = udp
 action = iptables[name=SSH, port=ssh, protocol=tcp]
 mail-whois[name=SSH, dest=yourmail@mail.com]
 logpath = /path/to/somelog
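Review bot: `$protocol` is copied into `$real_protocol` in the `@@ -80,6 +82,11 @@` hunk of manifests/jail.pp and then printed as-is by `protocol = <%= @real_protocol %>` in templates/concat/jail.local-stanza.erb, and neither place checks the value. A typo would yield a jail whose ban action fails or matches nothing, and a value containing a line break would put extra lines into the generated stanza. The define already uses stdlib (`is_array`), so I would validate before the selector, e.g. `validate_re($protocol, '\A(tcp|udp|icmp|all)?\z', "fail2ban::jail: invalid protocol '${protocol}'")`, with the list adjusted to what the configured actions accept. `\A`/`\z` are used instead of `^`/`$` because Ruby regexes anchor the latter per line. The body of the define continues outside the hunk.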
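Review bot: The expected stanza in the `@@ -56,6 +57,7 @@` hunk now has `protocol = udp` directly above `action = iptables[name=SSH, port=ssh, protocol=tcp]`, so the fixture shows the new key and the action disagreeing. As far as I know, fail2ban applies the jail-level `protocol` only where an action interpolates `%(protocol)s`; an action string that hard-codes `protocol=tcp`, as here (presumably from an `:action` param outside the hunk), would keep banning TCP only while the operator believes UDP is covered. I would make the fixture consistent, e.g. `:protocol => 'tcp'`, and extend the parameter comment in manifests/jail.pp to something like `# $protocol - Default protocol (e.g. tcp, udp); only used by actions that reference %(protocol)s.` A case asserting that no `protocol =` line is emitted when the parameter is left empty would also be worth adding, if the spec outside these hunks does not already cover it.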
diff --git a/templates/concat/jail.local-stanza.erb b/templates/concat/jail.local-stanza.erb
index 2849cc5..eda4b21 100644
--- a/templates/concat/jail.local-stanza.erb
+++ b/templates/concat/jail.local-stanza.erb
@@ -10,6 +10,9 @@ ignoreip = <%= @array_ignoreip * ' ' %>
 <% if @array_port != [] -%>
 port = <%= @array_port * ',' %>
 <% end -%>
+<% if @real_protocol -%>
+protocol = <%= @real_protocol %>
+<% end -%>
 <% if @array_action != [] -%>
 action = <%= @array_action.join("\n\t") %>
 <% end -%>