From 06eb1443a0141f5913a358044fe561b03ec99f15 Mon Sep 17 00:00:00 2001
From: Jonathan Boyett <jonathan@failingservers.com>
Date: Wed, 11 May 2011 19:07:27 -0700
Subject: [PATCH] join arrays and use insert order to determine replacement
 position

---
 lib/puppet/provider/firewall/iptables.rb | 10 +++++++---
 lib/puppet/type/firewall.rb              | 13 ++++++++++++-
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 427eb0f..b8dd479 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -50,7 +50,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 
   def delete
     debug 'Deleting rule %s' % resource[:name]
-    iptables "-D", properties[:chain], properties[:rulenum]
+    iptables "-D", properties[:chain], insert_order
   end
 
   def exists?
@@ -119,7 +119,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 
   def update_args
     args = []
-    args << ["-R", resource[:chain], properties[:rulenum]]
+    args << ["-R", resource[:chain], insert_order]
     args << general_args
     args
   end
@@ -130,7 +130,11 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
     @@resource_list.each do |res|
       if(resource.value(res))
         args << @@resource_map[res].split(' ')
-        args << resource[res]
+        if resource[res].is_a?(Array)
+          args << resource[res].join(',')
+        else
+          args << resource[res]
+        end
       end
     end
     args
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 693df71..f131637 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -106,7 +106,7 @@ Puppet::Type.newtype(:firewall) do
       Accepts a single string or array."
   end
 
-  newproperty(:sport) do
+  newproperty(:sport, :array_matching => :all) do
     desc "The value for the iptables --source-port parameter.
       If an array is specified, values will be passed to multiport module."
 
@@ -119,6 +119,17 @@ Puppet::Type.newtype(:firewall) do
     munge do |value|
       @resource.string_to_port(value)
     end
+
+    def value_to_s(value)
+      value = [value] unless value.is_a?(Array)
+      value.join(',')
+    end
+
+    def change_to_s(currentvalue, newvalue)
+      currentvalue = value_to_s(currentvalue) if currentvalue != :absent
+      newvalue = value_to_s(newvalue)
+      super(currentvalue, newvalue)
+    end
   end
 
   newproperty(:dport, :array_matching => :all) do
-- 
2.45.2