From 161d900831238e1fc70c8736470f646c0049774e Mon Sep 17 00:00:00 2001 From: Alex Harvey Date: Sun, 13 Jan 2019 01:12:41 +1100 Subject: [PATCH] (MODULES-8360) Fix relating to Bugzilla 1015 A fix for Bugzilla #1015 was added in 680738164865a01f554d1e1037c8d8724e39a720. However, it appears that the bug description at https://bugzilla.netfilter.org/show_bug.cgi?id=1015 is not quite accurate, and the -p all hack is required sometimes, but not always. I don't know exactly when it is or isn't required. This patch changes the logic to try both. --- lib/puppet/provider/firewall/iptables.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index fde6e97..9c67411 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -325,9 +325,15 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa # https://bugzilla.netfilter.org/show_bug.cgi?id=1015 # # This tries deleting again with -p all to see if that helps. + # + # rubocop:disable Lint/HandleExceptions if self.class.instance_variable_get(:@protocol) == 'IPv6' && properties[:proto] == 'all' - iptables delete_args.concat('-p', 'all') + begin + iptables delete_args.concat(['-p', 'all']) + rescue Puppet::ExecutionFailure => e + end end + # rubocop:enable Lint/HandleExceptions # Check to see if the iptables rule is already gone. This can sometimes # happen as a side effect of other resource changes. If it's not gone, -- 2.45.2