(MODULES-8360) Fix relating to Bugzilla 1015

A fix for Bugzilla #1015 was added in
680738164865a01f554d1e1037c8d8724e39a720. However, it appears that the
bug description at https://bugzilla.netfilter.org/show_bug.cgi?id=1015
is not quite accurate, and the -p all hack is required sometimes, but
not always. I don't know exactly when it is or isn't required.

This patch changes the logic to try both.

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index fde6e9740109c6cafd82225f70918ea332948eba..9c674113a8c28fea09ffe2391f0c85470dd6758c 100644 (file)
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -325,9 +325,15 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa
       # https://bugzilla.netfilter.org/show_bug.cgi?id=1015
       #
       # This tries deleting again with -p all to see if that helps.
+      #
+      # rubocop:disable Lint/HandleExceptions
       if self.class.instance_variable_get(:@protocol) == 'IPv6' && properties[:proto] == 'all'
-        iptables delete_args.concat('-p', 'all')
+        begin
+          iptables delete_args.concat(['-p', 'all'])
+        rescue Puppet::ExecutionFailure => e
+        end
       end
+      # rubocop:enable Lint/HandleExceptions
 
       # Check to see if the iptables rule is already gone. This can sometimes
       # happen as a side effect of other resource changes. If it's not gone,