From: Stefan Siegl Date: Mon, 27 Oct 2014 21:05:07 +0000 (+0100) Subject: Don't arbitrarily limit set_mark to certain chains X-Git-Tag: 1.3.0~1^2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=edcc4ba19268c5e3f690d78f4358d6caf7c64150;p=puppet-modules%2Fpuppetlabs-firewall.git Don't arbitrarily limit set_mark to certain chains set_mark is not only allowed in PREROUTING or OUTPUT chain, but also in custom chains, which are called from these. --- diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb index ce699da..46ed519 100644 --- a/lib/puppet/type/firewall.rb +++ b/lib/puppet/type/firewall.rb @@ -1066,10 +1066,9 @@ Puppet::Type.newtype(:firewall) do if value(:set_mark) unless value(:jump).to_s =~ /MARK/ && - value(:chain).to_s =~ /PREROUTING|OUTPUT/ && value(:table).to_s =~ /mangle/ self.fail "Parameter set_mark only applies to " \ - "the PREROUTING or OUTPUT chain of the mangle table and when jump => MARK" + "the mangle table and when jump => MARK" end end
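Review bot: In the `unless` condition left after the chain test is removed, `value(:jump).to_s =~ /MARK/` and `value(:table).to_s =~ /mangle/` are unanchored substring matches, so a jump value that merely contains MARK (CONNMARK, for example) satisfies the check. These two tests are now the only guard on set_mark, so exact comparisons such as `value(:jump).to_s == 'MARK'` and `value(:table).to_s == 'mangle'` would keep the validation as strict as the error message implies. The diff touches only lib/puppet/type/firewall.rb; a spec that accepts set_mark in a custom chain of the mangle table and still rejects it outside mangle or without jump => MARK would pin down the relaxed behaviour. If the set_mark parameter description elsewhere in this file still mentions PREROUTING or OUTPUT, it should be updated in the same change.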