From: Jan Vansteenkiste <jan@vstone.eu>
Date: Wed, 22 Aug 2012 21:11:39 +0000 (+0200)
Subject: Fix parsing of rules and generating the command line to set the rule
X-Git-Tag: 0.5.0~18^2~6
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=bffaf8ad0c3027e004d49605d8909db58764a021;p=puppet-modules%2Fpuppetlabs-firewall.git

Fix parsing of rules and generating the command line to set the rule
---

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index b69af91..147c728 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -166,10 +166,13 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 
     # --tcp-flags takes two values; we cheat by adding " around it
     # so it behaves like --comment
-    # we do a simular thing for negated address masks (source and destination).
     values = values.sub(/--tcp-flags (\S*) (\S*)/, '--tcp-flags "\1 \2"')
+    # we do a simular thing for negated address masks (source and destination).
     values = values.sub(/-s (!)\s?(\S*)/, '-s "\1 \2"')
     values = values.sub(/-d (!)\s?(\S*)/,'-d "\1 \2"')
+    # the actual rule will have the ! mark before the option.
+    values = values.sub(/(!)\s*-s\s*(\S*)/, '-s "\1 \2"')
+    values = values.sub(/(!)\s*-d\s*(\S*)/, '-d "\1 \2"')
 
     # Trick the system for booleans
     @known_booleans.each do |bool|
@@ -371,6 +374,10 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
         one, two = resource_value.split(' ')
         args << one
         args << two
+      elsif res == :source or res == :destination
+        one, two = resource_value.split(' ')
+        args << one
+        args << two unless two == nil
       elsif resource_value.is_a?(Array)
         args << resource_value.join(',')
       elsif !resource_value.nil?