review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
Don't arbitrarily limit set_mark to certain chains
author Stefan Siegl <stesie@brokenpipe.de>
Mon, 27 Oct 2014 21:05:07 +0000 (22:05 +0100)
committer Stefan Siegl <stesie@brokenpipe.de>
Mon, 27 Oct 2014 21:09:59 +0000 (22:09 +0100)
set_mark is not only allowed in PREROUTING or OUTPUT chain,
but also in custom chains, which are called from these.

lib/puppet/type/firewall.rb

index ce699da0ebb63db0f8eb8669df4663303c60b633..46ed5193459e99205c39d292f922c85c21fa8897 100644 (file)
@@ -1066,10 +1066,9 @@ Puppet::Type.newtype(:firewall) do
 
     if value(:set_mark)
       unless value(:jump).to_s  =~ /MARK/ &&
-             value(:chain).to_s =~ /PREROUTING|OUTPUT/ &&
              value(:table).to_s =~ /mangle/
         self.fail "Parameter set_mark only applies to " \
-          "the PREROUTING or OUTPUT chain of the mangle table and when jump => MARK"
+          "the mangle table and when jump => MARK"
       end
     end
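Review bot: With the chain condition gone, the whole validation rests on the two remaining unanchored matches in the `unless`, and both are looser than the error message implies. `value(:jump).to_s  =~ /MARK/` accepts any jump target whose name merely contains MARK, and `value(:table).to_s =~ /mangle/` accepts any table string containing mangle, so a rule can pass this check without actually being `jump => MARK` in the mangle table. Since the message now promises exactly those two conditions, consider comparing for equality (`value(:jump).to_s == 'MARK'` and `value(:table).to_s == 'mangle'`) or anchoring the patterns with `\A...\z`. The commit message justifies the change by custom chains called from PREROUTING or OUTPUT, but the hunk lifts the restriction for every chain; that is worth stating explicitly in the commit message and in the set_mark parameter documentation if it still mentions the chain limit. A spec that declares set_mark in a custom mangle chain and expects no failure would keep the old restriction from being reintroduced.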