From: Max Vozeler <max.vozeler@amadeus.com>
Date: Mon, 16 Nov 2015 13:01:35 +0000 (+0100)
Subject: Fix handling of chain names that contain -f
X-Git-Tag: 1.8.0~17^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=b52b0eb96209b29c349d79a4fc8ca5d5acbf2eb2;p=puppet-modules%2Fpuppetlabs-firewall.git

Fix handling of chain names that contain -f
---

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 27c0b36..5835dea 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -356,7 +356,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
         # -f requires special matching:
         # only replace those -f that are not followed by an l to
         # distinguish between -f and the '-f' inside of --tcp-flags.
-        values = values.sub(/-f(?!l)(?=.*--comment)/, '-f true')
+        values = values.sub(/\s-f(?!l)(?=.*--comment)/, ' -f true')
       else
         values = values.sub(/#{resource_map[bool]}/, "#{resource_map[bool]} true")
       end
diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb
index ac9ba9a..bbdff8c 100644
--- a/spec/fixtures/iptables/conversion_hash.rb
+++ b/spec/fixtures/iptables/conversion_hash.rb
@@ -573,6 +573,14 @@ ARGS_TO_HASH = {
       :clamp_mss_to_pmtu => true,
     },
   },
+  'mangled_chain_name_with_-f' => {
+    :line => '-A foo-filter -p tcp -m comment --comment "068 chain name containing -f" -j ACCEPT',
+    :params => {
+      :name              => '068 chain name containing -f',
+      :action            => 'accept',
+      :chain             => 'foo-filter',
+    },
+  },
 }
 
 # This hash is for testing converting a hash to an argument line.