From 1057798b86cd00861e8dd014a91d6ec2007f20d2 Mon Sep 17 00:00:00 2001 From: Georg Koester Date: Sat, 8 Jun 2013 08:15:37 -0700 Subject: [PATCH] Fix #188: -f in comment leads to puppet resource firewall failing. --- lib/puppet/provider/firewall/iptables.rb | 2 +- spec/fixtures/iptables/conversion_hash.rb | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index a9855e0..43ae556 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -166,7 +166,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir if bool == :isfragment then # only replace those -f that are not followed by an l to # distinguish between -f and the '-f' inside of --tcp-flags. - values = values.sub(/-f(?=[^l])/, '-f true') + values = values.sub(/-f(?!l)(?=.*--comment)/, '-f true') end end diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb index 7c509d8..870a978 100644 --- a/spec/fixtures/iptables/conversion_hash.rb +++ b/spec/fixtures/iptables/conversion_hash.rb @@ -299,9 +299,10 @@ ARGS_TO_HASH = { }, }, 'isfragment_option' => { - :line => '-A INPUT -f -j ACCEPT', + :line => '-A INPUT -f -m comment --comment "010 a-f comment with dashf" -j ACCEPT', :table => 'filter', :params => { + :name => '010 a-f comment with dashf', :action => 'accept', :isfragment => true, }, @@ -724,4 +725,13 @@ HASH_TO_ARGS = { }, :args => ['-t', :filter, '-p', :all, '-f', '-m', 'comment', '--comment', '050 isfragment option', '-j', 'ACCEPT'], }, + 'isfragment_option not changing -f in comment' => { + :params => { + :name => '050 testcomment-with-fdashf', + :table => 'filter', + :proto => :all, + :action => 'accept', + }, + :args => ['-t', :filter, '-p', :all, '-m', 'comment', '--comment', '050 testcomment-with-fdashf', '-j', 'ACCEPT'], + }, } -- 2.45.2