From d1aff2f03e630c950b09836c826b3bccfb782d08 Mon Sep 17 00:00:00 2001
From: Nathan Ward <nward@searchlight.nz>
Date: Wed, 15 May 2024 22:44:48 +1200
Subject: [PATCH 1/2] Update the puppetlabs firewall module requirement to be
 >7

---
 metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/metadata.json b/metadata.json
index 8025bcae..99aa73a3 100644
--- a/metadata.json
+++ b/metadata.json
@@ -14,7 +14,7 @@
     },
     {
       "name": "puppetlabs/firewall",
-      "version_requirement": ">=1.0.0 <7.0.0"
+      "version_requirement": ">=7.0.0 <9.0.0"
     },
     {
       "name": "saz/rsyslog",

From c4d4ad67facb27e4ca259fd1a4ad14e99e97c55f Mon Sep 17 00:00:00 2001
From: Nathan Ward <nward@searchlight.nz>
Date: Wed, 15 May 2024 22:36:26 +1200
Subject: [PATCH 2/2] Update calls to the firewall module with modern
 parameters

---
 manifests/client.pp         | 13 +++++++------
 spec/defines/client_spec.rb | 13 +++++++------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/manifests/client.pp b/manifests/client.pp
index f8fc7e4d..876d4da9 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -61,17 +61,18 @@
     if $port {
       if $ip {
         firewall { "100 ${name} ${port_description} v4":
-          proto  => 'udp',
-          dport  => $port,
-          action => 'accept',
-          source => $ip,
+          proto    => 'udp',
+          dport    => $port,
+          jump     => 'ACCEPT',
+          protocol => 'IPv4',
+          source   => $ip,
         }
       } elsif $ip6 {
         firewall { "100 ${name} ${port_description} v6":
           proto    => 'udp',
           dport    => $port,
-          action   => 'accept',
-          provider => 'ip6tables',
+          jump     => 'ACCEPT',
+          protocol => 'IPv6',
           source   => $ip6,
         }
       }
diff --git a/spec/defines/client_spec.rb b/spec/defines/client_spec.rb
index fcf8c73f..f234d7ab 100644
--- a/spec/defines/client_spec.rb
+++ b/spec/defines/client_spec.rb
@@ -85,8 +85,9 @@
         is_expected.to contain_firewall('100 test 1234 v4')
           .with_proto('udp')
           .with_dport(1234)
-          .with_action('accept')
+          .with_jump('ACCEPT')
           .with_source('1.2.3.4')
+          .with_protocol('IPv4')
       end
 
       context 'with ipv6' do
@@ -102,9 +103,9 @@
           is_expected.to contain_firewall('100 test 1234 v6')
             .with_proto('udp')
             .with_dport(1234)
-            .with_action('accept')
+            .with_jump('ACCEPT')
             .with_source('2001:db8::100')
-            .with_provider('ip6tables')
+            .with_protocol('IPv6')
         end
       end
     end
@@ -120,7 +121,7 @@
         is_expected.to contain_firewall('100 test 1234,4321 v4')
           .with_proto('udp')
           .with_dport([1234, 4321])
-          .with_action('accept')
+          .with_jump('ACCEPT')
           .with_source('1.2.3.4')
       end
 
@@ -137,9 +138,9 @@
           is_expected.to contain_firewall('100 test 1234,4321 v6')
             .with_proto('udp')
             .with_dport([1234, 4321])
-            .with_action('accept')
+            .with_jump('ACCEPT')
             .with_source('2001:db8::100')
-            .with_provider('ip6tables')
+            .with_protocol('IPv6')
         end
       end
     end