From 116cf1dade2b4637967ce361c2d34fc02b0cd580 Mon Sep 17 00:00:00 2001
From: Joe Julian <me@joejulian.name>
Date: Thu, 30 May 2013 18:59:23 -0700
Subject: [PATCH] Fixed dumb logic error

---
 lib/puppet/provider/firewall/iptables.rb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 4f03371..a9855e0 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -233,13 +233,12 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
     # Puppet-firewall requires that all rules have comments (resource names) and match this 
     # regex and will fail if a rule in iptables does not have a comment. We get around this 
     # by appending a high level
-    if not /^\d+[[:alpha:][:digit:][:punct:][:space:]]+$/ =~ hash[:name]
-      num = 9000 + counter
-      hash[:name] = "#{num} #{/([[:alpha:][:digit:][:punct:][:space:]]+)/.match(hash[:name])[1]}"
-    end
     if ! hash[:name]
       num = 9000 + counter
       hash[:name] = "#{num} #{Digest::MD5.hexdigest(line)}"
+    elsif not /^\d+[[:alpha:][:digit:][:punct:][:space:]]+$/ =~ hash[:name]
+      num = 9000 + counter
+      hash[:name] = "#{num} #{/([[:alpha:][:digit:][:punct:][:space:]]+)/.match(hash[:name])[1]}"
     end
 
     # Iptables defaults to log_level '4', so it is omitted from the output of iptables-save.
-- 
2.45.2