From d61ae15ff8276a03856557408a2754f367999d4e Mon Sep 17 00:00:00 2001 From: Joe Julian Date: Tue, 28 May 2013 13:47:33 -0700 Subject: [PATCH] Swap log_prefix and log_level order to match the way it's saved Fixes #184 Signed-off-by: Joe Julian --- lib/puppet/provider/firewall/iptables.rb | 2 +- spec/system/params_spec.rb | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index d47effa..df8744b 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -87,7 +87,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir # This order can be determined by going through iptables source code or just tweaking and trying manually @resource_list = [:table, :source, :destination, :iniface, :outiface, :proto, :isfragment, :tcp_flags, :gid, :uid, :sport, :dport, :port, :socket, :pkttype, :name, :state, :icmp, :limit, :burst, - :jump, :todest, :tosource, :toports, :log_level, :log_prefix, :reject, :set_mark] + :jump, :todest, :tosource, :toports, :log_prefix, :log_level, :reject, :set_mark] def insert debug 'Inserting rule %s' % resource[:name] diff --git a/spec/system/params_spec.rb b/spec/system/params_spec.rb index abc0f61..3e653d4 100644 --- a/spec/system/params_spec.rb +++ b/spec/system/params_spec.rb @@ -106,4 +106,28 @@ firewall { '#{name}': r.exit_code.should == 2 end end + + it 'test log rule - idempotent' do + iptables_flush_all_tables + + ppm1 = pp({ + 'name' => '004 log all INVALID packets', + 'chain' => 'INPUT', + 'proto' => 'all', + 'state' => 'INVALID', + 'jump' => 'LOG', + 'log_level' => '3', + 'log_prefix' => '"IPTABLES dropped invalid: "', + }) + + puppet_apply(ppm1) do |r| + r.stderr.should be_empty + r.exit_code.should == 2 + end + + puppet_apply(ppm1) do |r| + r.stderr.should be_empty + r.exit_code.should == 0 + end + end end -- 2.45.2
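Review bot: The comment above `@resource_list` still says the order comes from reading the iptables source or from trial and error, and nothing marks the `:log_prefix, :log_level` pair as order-sensitive, so a later edit to this list can reintroduce the same mismatch. Judging by the commit title, the list has to mirror the argument order in which saved rules come back; I would state that in the comment, e.g. `# Order must match the argument order of saved rules (LOG: --log-prefix before --log-level)`. A mismatch here presumably makes an existing LOG rule look changed on every run, which buries real firewall drift in report noise. The code that consumes this list is outside the hunk, so this is inferred from the commit message rather than from visible code.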
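Review bot: The new example in spec/system/params_spec.rb proves idempotency only through exit codes (2, then 0); it never checks that the loaded rule actually carries the intended prefix and level. A provider that dropped or mangled both values consistently would still pass. After the first `puppet_apply` I would assert on the saved ruleset, e.g. `shell('iptables-save') { |r| r.stdout.should =~ /--log-prefix "IPTABLES dropped invalid: " --log-level 3/ }`, assuming the suite's `shell` helper is available in this file. Examples that set only `log_level` or only `log_prefix` would also cover the cases where one of the two is absent. The enclosing describe block starts outside the hunk.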