]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 706f13b)
fix negation handling for complex arguments
authorPatrick Hemmer <patrick.hemmer@gmail.com>
Tue, 17 Dec 2013 00:27:26 +0000 (19:27 -0500)
committerPatrick Hemmer <patrick.hemmer@gmail.com>
Fri, 20 Dec 2013 20:11:29 +0000 (15:11 -0500)
lib/puppet/provider/firewall/iptables.rb patch | blob | history

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 90e7926efc4ece3a8037cde18ed16b6e4d214711..05cbdfcdf7e8d0f0fdae8c7045ae07419fd03e89 100644 (file)
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -355,13 +355,15 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
         next
       end
 
-      ## Generic negating of rules
-      if resource_value =~ /!\s?(.*)/
-        resource_value = $1
-        args << "!"
+      args << [resource_map[res]].flatten.first.split(' ')
+
+      # On negations, the '!' has to be before the option (eg: "! -d 1.2.3.4")
+      if resource_value.is_a?(String) and resource_value.sub!(/^!\s*/, '') then
+        # we do this after adding the 'dash' argument because of ones like "-m multiport --dports", where we want it before the "--dports" but after "-m multiport".
+        # so we insert before whatever the last argument is
+        args.insert(-2, '!')
       end
 
-      args << [resource_map[res]].flatten.first.split(' ')
 
       # For sport and dport, convert hyphens to colons since the type
       # expects hyphens for ranges of ports.