From a832949aa1d25c122df147f485b19457918ce3cf Mon Sep 17 00:00:00 2001
From: Jan Vansteenkiste <jan@vstone.eu>
Date: Thu, 23 Aug 2012 08:51:24 +0200
Subject: [PATCH] Generic generating command line options for negated rules

---
 lib/puppet/provider/firewall/iptables.rb | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 147c728..81f8b19 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -357,6 +357,12 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
         next
       end
 
+      ## Generic negating of rules
+      if resource_value =~ /!\s?(.*)/
+        resource_value = $1
+        args << "!"
+      end
+
       args << [resource_map[res]].flatten.first.split(' ')
 
       # For sport and dport, convert hyphens to colons since the type
@@ -374,10 +380,6 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
         one, two = resource_value.split(' ')
         args << one
         args << two
-      elsif res == :source or res == :destination
-        one, two = resource_value.split(' ')
-        args << one
-        args << two unless two == nil
       elsif resource_value.is_a?(Array)
         args << resource_value.join(',')
       elsif !resource_value.nil?
-- 
2.45.2