From 2a59271870f9bd67fda40c9fa3082421f9c5090e Mon Sep 17 00:00:00 2001
From: Andjelko Horvat <andjelko.horvat.comel@gmail.com>
Date: Thu, 8 Dec 2016 23:43:07 +0100
Subject: [PATCH] Add chain to keys list only if defined in the rule

---
 lib/puppet/provider/firewall/iptables.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index cb1d1d3..b43a905 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -435,8 +435,10 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
     end
 
     # Manually remove chain
-    values.slice!('-A')
-    keys << :chain
+    if values =~ /(\s|^)-A\s/
+      values = values.sub(/(\s|^)-A\s/, '\1')
+      keys << :chain
+    end
 
     valrev = values.scan(/("([^"\\]|\\.)*"|\S+)/).transpose[0].reverse
 
-- 
2.45.2