Drop tcp vs tcp:syn distinction

[chef.git] / cookbooks / networking / resources / firewall_rule.rb

diff --git a/cookbooks/networking/resources/firewall_rule.rb b/cookbooks/networking/resources/firewall_rule.rb
index 63970e661cbc32fddb8ea337557d4e1b920c0f90..6e6c72585a84923ebf3c354e419f2be40a08045d 100644 (file)
--- a/cookbooks/networking/resources/firewall_rule.rb
+++ b/cookbooks/networking/resources/firewall_rule.rb
@@ -69,10 +69,7 @@ action_class do
          when "inet6" then "ip6"
          end
 
-    proto = case new_resource.proto
-            when "udp" then "udp"
-            when "tcp", "tcp:syn" then "tcp"
-            end
+    proto = new_resource.proto
 
     if new_resource.source_ports
       rule << "#{proto} sport { #{nftables_source_ports} }"
@@ -98,9 +95,7 @@ action_class do
       rule << "#{ip} daddr { #{addresses} }"
     end
 
-    if new_resource.proto == "tcp:syn"
-      rule << "ct state new"
-    end
+    rule << "ct state new" if new_resource.proto == "tcp"
 
     if new_resource.connection_limit != "-"
       set = "connlimit-#{new_resource.rule}-#{ip}"