Help with puppetlabs-firewall physdev rule

[Matthew Hyclak]

Hi all,

I'm looking at the firewall type documentation and either I'm missing something or I can't do what I need to do. I have a Red Hat Enterprise Virtualization server I'm bringing under puppet control. One of the firewall rules generated by the RHEV installer is as follows:

-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited

I don't see how I can specify the -m match argument in the firewall module. Am I missing something, or does this need to be a feature request? Any workarounds in the meantime (like manually specifying the entire line)?

Thanks!

Matt