Adding limit feature to iptables module

2015-11-03 11:41:30 -06:00 · 2015-11-03 11:41:30 -06:00 · fbad76e86a
commit fbad76e86a
parent 61ba4b98e1
1 changed files with 12 additions and 0 deletions
--- a/lib/ansible/modules/extras/system/iptables.py
+++ b/lib/ansible/modules/extras/system/iptables.py
@ -208,6 +208,10 @@ options:
      - "ctstate is a list of the connection states to match in the conntrack module.
        Possible states are: 'INVALID', 'NEW', 'ESTABLISHED', 'RELATED', 'UNTRACKED', 'SNAT', 'DNAT'"
    required: false
+  limit:
+    description:
+      - "Specifies the maximum average number of matches to allow per second. The number can specify units explicitly, using `/second', `/minute', `/hour' or `/day', or parts of them (so `5/second' is the same as `5/s')."
+    required: false
 '''

 EXAMPLES = '''
@ -244,6 +248,11 @@ def append_conntrack(rule, param):
        rule.extend(['-m'])
        rule.extend(['conntrack'])

+def append_limit(rule, param):
+    if param:
+        rule.extend(['-m'])
+        rule.extend(['limit'])
+

 def construct_rule(params):
    rule = []
@ -265,6 +274,8 @@ def construct_rule(params):
    if params['ctstate']:
        append_conntrack(rule, params['ctstate'])
        append_param(rule, ','.join(params['ctstate']), '--ctstate', False)
+    append_limit(rule, params['limit'])
+    append_param(rule, params['limit'], '--limit', False)
    return rule


@ -315,6 +326,7 @@ def main():
            to_ports=dict(required=False, default=None, type='str'),
            comment=dict(required=False, default=None, type='str'),
            ctstate=dict(required=False, default=[], type='list'),
+            limit=dict(required=False, default=[], type='list'),
        ),
    )
    args = dict(