From: Hunter Haugen
Date: Mon, 3 Feb 2014 23:19:16 +0000 (-0800)
Subject: (MODULES-16) Correct src_range dst_range ordering
X-Git-Tag: 0.5.0~7^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=f5e632a599767b5668d930558e7d7b4b2e316669;p=puppet-modules%2Fpuppetlabs-firewall.git

(MODULES-16) Correct src_range dst_range ordering

I wasn't able to reproduce the bug in testing, but several people were able to and the proposed fix is a correct assumption.
---
diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index a6df9c5..97520e0 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -126,12 +126,14 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 # we need it to properly parse and apply rules, if the order of resource
 # changes between puppet runs, the changed rules will be re-applied again.
 # This order can be determined by going through iptables source code or just tweaking and trying manually
- @resource_list = [:table, :source, :src_range, :destination, :dst_range, :iniface, :outiface,
- :proto, :isfragment, :tcp_flags, :gid, :uid, :sport, :dport, :port,
- :dst_type, :src_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy, :state, :ctstate, :icmp,
- :limit, :burst, :recent, :rseconds, :reap, :rhitcount, :rttl, :rname, :rsource, :rdest,
- :jump, :todest, :tosource, :toports, :log_prefix,
- :log_level, :reject, :set_mark]
+ @resource_list = [
+ :table, :source, :destination, :iniface, :outiface, :proto, :isfragment,
+ :src_range, :dst_range, :tcp_flags, :gid, :uid, :sport, :dport, :port,
+ :dst_type, :src_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy,
+ :state, :ctstate, :icmp, :limit, :burst, :recent, :rseconds, :reap,
+ :rhitcount, :rttl, :rname, :rsource, :rdest, :jump, :todest, :tosource,
+ :toports, :log_prefix, :log_level, :reject, :set_mark
+ ]
 def insert
 debug 'Inserting rule %s' % resource[:name]
diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb
index cd7aa7c..042e8bb 100644
--- a/spec/fixtures/iptables/conversion_hash.rb
+++ b/spec/fixtures/iptables/conversion_hash.rb
@@ -584,7 +584,7 @@ HASH_TO_ARGS = {
 :table => 'filter',
 :dst_range => '10.0.0.1-10.0.0.10',
 },
- :args => ['-t', :filter, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-p', :tcp, '-m', 'comment', '--comment', '000 dst_range'],
+ :args => ['-t', :filter, '-p', :tcp, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-m', 'comment', '--comment', '000 dst_range'],
 },
 'src_range_1' => {
 :params => {
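Review bot: The new position of `:src_range` and `:dst_range` in `@resource_list` (the iptables.rb hunk) is not explained anywhere, and the commit message says the bug could not be reproduced, so a later maintainer cannot tell that the order is deliberate. Both options are emitted through `-m iprange` (see the fixture args in this commit), i.e. as a match extension, and iptables-save appears to print match extensions after the built-in `-s`/`-d`/`-i`/`-o`/`-p`/`-f` selectors; a list order that disagrees with that makes Puppet see a difference on every run and re-apply the firewall rule, as the existing comment warns. I would add above the list something like `# src_range/dst_range are '-m iprange' matches: keep them after :proto/:isfragment, where iptables-save prints them`. The provider block and the body of `def insert` continue outside the hunk.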
@@ -592,7 +592,7 @@ HASH_TO_ARGS = {
 :table => 'filter',
 :dst_range => '10.0.0.1-10.0.0.10',
 },
- :args => ['-t', :filter, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-p', :tcp, '-m', 'comment', '--comment', '000 src_range'],
+ :args => ['-t', :filter, '-p', :tcp, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-m', 'comment', '--comment', '000 src_range'],
 },
 'tcp_flags_1' => {
 :params => {
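Review bot: The `src_range_1` fixture updated here still passes `:dst_range` in its visible params and expects `--dst-range` in `:args`, so it duplicates `dst_range_1` and nothing in the `HASH_TO_ARGS` entries shown in this diff exercises `--src-range` in its new position. Since the ordering of exactly these two properties is what the commit corrects, the case should set `:src_range => '10.0.0.1-10.0.0.10'` and expect `'-m', 'iprange', '--src-range', '10.0.0.1-10.0.0.10'` after `'-p', :tcp`. The params hash starts above the hunk, so confirm it does not already set `:src_range`. A further case that sets both ranges would pin down how `-m iprange` is emitted when source and destination ranges are combined.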