From b99c9563c78d6ead1a29113eaa3e556c7fdb4ead Mon Sep 17 00:00:00 2001
From: Saurabh Pandit <saurabh.pandit@perforce.com>
Date: Mon, 21 Oct 2024 14:45:05 +0530
Subject: [PATCH] (CAT-2088): Fix for not rejecting valid iptables: 1. Allow -_
 in ipset name

---
 REFERENCE.md                | 2 +-
 lib/puppet/type/firewall.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/REFERENCE.md b/REFERENCE.md
index a350538bd..116e360af 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -879,7 +879,7 @@ Data type: `Optional[Enum['none', 'ipsec']]`
 
 ##### `ipset`
 
-Data type: `Optional[Variant[Pattern[/^(?:!\s)?\w+\s(?:src|dst)(?:,src|,dst)?$/], Array[Pattern[/^(?:!\s)?\w+\s(?:src|dst)(?:,src|,dst)?$/]]]]`
+Data type: `Optional[Variant[Pattern[/^(?:!\s)?[\w\-_]+\s(?:src|dst)(?:,src|,dst)?$/], Array[Pattern[/^(?:!\s)?[\w\-_]+\s(?:src|dst)(?:,src|,dst)?$/]]]]`
 _*this data type contains a regex that may not be accurately reflected in generated documentation_
 
       Matches against the specified ipset list.
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 066db2f05..bf464ff90 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -948,7 +948,7 @@
       DESC
     },
     ipset: {
-      type: 'Optional[Variant[Pattern[/^(?:!\s)?\w+\s(?:src|dst)(?:,src|,dst)?$/], Array[Pattern[/^(?:!\s)?\w+\s(?:src|dst)(?:,src|,dst)?$/]]]]',
+      type: 'Optional[Variant[Pattern[/^(?:!\s)?[\w\-_]+\s(?:src|dst)(?:,src|,dst)?$/], Array[Pattern[/^(?:!\s)?[\w\-_]+\s(?:src|dst)(?:,src|,dst)?$/]]]]',
       desc: <<-DESC
       Matches against the specified ipset list.
       Requires ipset kernel module. Will accept a single element or an array.