X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/b7a8d79c0c5d44e3597bdc1b9ed269b3982e7868..3dd8e177f260478b9da3c5c5be583bd262e1f6e9:/cookbooks/networking/resources/firewall_rule.rb
diff --git a/cookbooks/networking/resources/firewall_rule.rb b/cookbooks/networking/resources/firewall_rule.rb
index 92256936a..63970e661 100644
--- a/cookbooks/networking/resources/firewall_rule.rb
+++ b/cookbooks/networking/resources/firewall_rule.rb
@@ -29,8 +29,8 @@ property :family, :kind_of => [String, Symbol]
 property :source, :kind_of => String, :required => true
 property :dest, :kind_of => String, :required => true
 property :proto, :kind_of => String, :required => true
-property :dest_ports, :kind_of => [String, Integer], :default => "-"
-property :source_ports, :kind_of => [String, Integer], :default => "-"
+property :dest_ports, :kind_of => [String, Integer, Array]
+property :source_ports, :kind_of => [String, Integer, Array]
 property :rate_limit, :kind_of => String, :default => "-"
 property :connection_limit, :kind_of => [String, Integer], :default => "-"
 property :helper, :kind_of => String, :default => "-"
@@ -74,11 +74,11 @@ action_class do
 when "tcp", "tcp:syn" then "tcp"
 end
- if new_resource.source_ports != "-"
+ if new_resource.source_ports
 rule << "#{proto} sport { #{nftables_source_ports} }"
 end
- if new_resource.dest_ports != "-"
+ if new_resource.dest_ports
 rule << "#{proto} dport { #{nftables_dest_ports} }"
 end
@@ -134,10 +134,10 @@ action_class do
 end
 def nftables_source_ports
- new_resource.source_ports.to_s.sub(/:$/, "-65535").gsub(":", "-")
+ Array(new_resource.source_ports).map(&:to_s).join(",")
 end
 def nftables_dest_ports
- new_resource.dest_ports.to_s.sub(/:$/, "-65535").gsub(":", "-")
+ Array(new_resource.dest_ports).map(&:to_s).join(",")
 end
 end
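Review bot: `:kind_of => Array` on `dest_ports` and `source_ports` places no constraint on the array's elements, and these values are later interpolated into the nftables rule text by the helpers changed in the last hunk. An element such as `nil` or a Ruby Range would be stringified to `""` or `"80..90"` and written into the port set as-is. Consider validating at the property, e.g. `:callbacks => { "must be a port or port range" => ->(v) { Array(v).all? { |p| p.to_s.match?(/\A\d+(-\d+)?\z/) } } }`, loosening the pattern if recipes are expected to pass service names.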
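Review bot: The new guards `if new_resource.source_ports` and `if new_resource.dest_ports` test truthiness only, so an empty array or a leftover explicit `"-"` (the old default sentinel) passes and renders `sport {  }` or `dport { - }`. Depending on how the generated ruleset is loaded, that is presumably either a load failure or a rule that does not match what the recipe intended. A stricter guard such as `unless Array(new_resource.dest_ports).empty?` covers the empty case; the `"-"` case needs either a caller audit or an explicit rejection. The enclosing rule-building method starts and ends outside this hunk.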
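Review bot: `nftables_source_ports` and `nftables_dest_ports` no longer translate the colon range syntax, so a recipe still passing `"1024:"` or `"8000:8100"` would have that text written verbatim into the nft set; whether every caller was converted is not visible in this diff. If the old form must keep working, keep the translation per element: `Array(new_resource.source_ports).map { |p| p.to_s.sub(/:\z/, "-65535").tr(":", "-") }.join(",")`. Otherwise raise on a value containing `:` so a stale recipe fails the Chef run instead of producing an unexpected firewall rule. A one-line comment above each helper stating the accepted forms (`80`, `"80-90"`, or an array of those) would document the new contract.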