From 93f38b6ecc583da35b9e07092a14efd65da51cff Mon Sep 17 00:00:00 2001 From: Tim Skirvin Date: Wed, 10 Mar 2021 09:03:40 -0600 Subject: [PATCH] lib/puppet/provider/firewall/iptables.rb - comments cleanup for parsing Per , there are problems with parsing some iptables rules with space and quotes (specifically ones created by podman). This re-clears the comments field if it made it through earlier parsing. --- CHANGELOG.md | 9 +++++++++ lib/puppet/provider/firewall/iptables.rb | 5 +++++ 2 files changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 808e289..930444b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,15 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## Unversioned + +### iptables.rb + +There are cases where spaces and quotes in iptables comments generated by +mainstream sources (e.g. podman) were causing rules to not parse properly. +We didn't fix the whole problem, but we removed those comments for parsing +purposes.1 + ## [v3.0.0](https://github.com/puppetlabs/puppetlabs-firewall/tree/v3.0.0) (2021-03-01) [Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v2.8.1...v3.0.0) diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index 74eb4a1..f423949 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -575,6 +575,11 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa keys << :table end + # manually remove comments if they made it this far + if values =~ %r{-m comment --comment} + values = values.sub(%r{-m comment --comment "((?:\\"|[^"])*)"}, {}) + end + valrev = values.scan(%r{("([^"\\]|\\.)*"|\S+)}).transpose[0].reverse if keys.length != valrev.length -- 2.45.2
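Review bot: In the CHANGELOG.md hunk, the new entry ends with "purposes.1", where the trailing "1" looks like a stray character and should be dropped. The heading "## Unversioned" also departs from the Keep a Changelog format that this file's header cites, which uses "Unreleased" for pending changes. The entry should say what a user will observe: the provider discards the comment text of affected rules while parsing, and "We didn't fix the whole problem" leaves open which rules still fail to parse.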
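Review bot: In the iptables.rb hunk, the replacement argument to `values.sub(...)` is `{}`, an empty Hash. It only deletes the match because a Hash lookup miss yields nil, which String#sub turns into an empty string; pass `''` so the intent is explicit. The guard `values =~ %r{-m comment --comment}` is also broader than the substitution, which requires a double-quoted argument, so an unquoted comment passes the guard and is left in place. Either drop the guard (`sub` is a no-op when nothing matches) or handle the unquoted form too. The quoted-string pattern `(?:\\"|[^"])*` differs from the `"([^"\\]|\\.)*"` form used by the `scan` on the next line, and reusing that form would keep the two in agreement on escaped characters. The capture group is unused and can be non-capturing. Since the match is removed from `values` while `keys` is untouched, please add a spec with a podman-style rule showing that the `keys.length != valrev.length` check below still passes.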