From 9bb700cfe792fea35319206696cf4764a19c8f5a Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sat, 4 Mar 2023 12:03:53 +0000
Subject: [PATCH] Fix port range syntax for nftables
---
 cookbooks/networking/resources/firewall_rule.rb | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/cookbooks/networking/resources/firewall_rule.rb b/cookbooks/networking/resources/firewall_rule.rb
index e72a3df78..0eca03176 100644
--- a/cookbooks/networking/resources/firewall_rule.rb
+++ b/cookbooks/networking/resources/firewall_rule.rb
@@ -106,11 +106,11 @@ action_class do
 end
 if new_resource.source_ports != "-"
- rule << "#{proto} sport { #{new_resource.source_ports} }"
+ rule << "#{proto} sport { #{nftables_source_ports} }"
 end
 if new_resource.dest_ports != "-"
- rule << "#{proto} dport { #{new_resource.dest_ports} }"
+ rule << "#{proto} dport { #{nftables_dest_ports} }"
 end
 if new_resource.source == "osm"
@@ -159,4 +159,12 @@ action_class do
 node.default[:networking][:firewall][:incoming] << rule.join(" ")
 end
 end
+
+ def nftables_source_ports
+ new_resource.source_ports.to_s.sub(/:$/, "-65535").gsub(":", "-")
+ end
+
+ def nftables_dest_ports
+ new_resource.dest_ports.to_s.sub(/:$/, "-65535").gsub(":", "-")
+ end
 end
--
2.39.5
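Review bot: In the `@@ -106,11 +106,11 @@` hunk, the converted port string is interpolated straight into the nftables set on both the `sport` and `dport` lines with no check on its characters. The values come from resource properties, so this is probably trusted cookbook input, but the result is a live firewall rule, and a value containing `}` or `;` would close the set and add further tokens to the rule. A guard before the interpolation, for example `raise ArgumentError, "invalid port spec: #{ports}" if ports.match?(/[{};\n]/)` with `ports` being the helper's result, would fail the converge instead of emitting a rule that differs from what the author intended. The enclosing method starts and ends outside the hunk.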
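Review bot: In the `@@ -159,4 +159,12 @@` hunk, both helpers anchor with `/:$/`, and in Ruby `$` matches at the end of any line rather than only at the end of the string, so a value with an embedded newline would have the open-ended range rewritten mid-string; `\z` is the end-of-string anchor: `.sub(/:\z/, "-65535")`. The conversion also covers only the trailing-colon form; if any caller uses a leading colon such as `:1024` (not visible here), the `gsub` would turn it into `-1024`, which should be either handled or rejected. The two bodies are identical apart from the property they read, so a single private helper taking the value, e.g. `def nftables_ports(ports)`, would keep them from drifting apart. The `action_class do` block opens outside the hunk.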