Fix port range syntax for nftables

diff --git a/cookbooks/networking/resources/firewall_rule.rb b/cookbooks/networking/resources/firewall_rule.rb
index e72a3df7883d7da389dc50c3302f77dfdc087431..0eca031765f224772712abdd786c3aaf3194feba 100644 (file)
--- a/cookbooks/networking/resources/firewall_rule.rb
+++ b/cookbooks/networking/resources/firewall_rule.rb
@@ -106,11 +106,11 @@ action_class do
             end
 
     if new_resource.source_ports != "-"
-      rule << "#{proto} sport { #{new_resource.source_ports} }"
+      rule << "#{proto} sport { #{nftables_source_ports} }"
     end
 
     if new_resource.dest_ports != "-"
-      rule << "#{proto} dport { #{new_resource.dest_ports} }"
+      rule << "#{proto} dport { #{nftables_dest_ports} }"
     end
 
     if new_resource.source == "osm"
@@ -159,4 +159,12 @@ action_class do
       node.default[:networking][:firewall][:incoming] << rule.join(" ")
     end
   end
+
+  def nftables_source_ports
+    new_resource.source_ports.to_s.sub(/:$/, "-65535").gsub(":", "-")
+  end
+
+  def nftables_dest_ports
+    new_resource.dest_ports.to_s.sub(/:$/, "-65535").gsub(":", "-")
+  end
 end