From 69415a97da7ae591be2a080537a10ce1232ea2a9 Mon Sep 17 00:00:00 2001
From: Mark Nejedlo <Mark.Nejedlo@tdstelecom.com>
Date: Fri, 5 Jun 2020 10:22:44 -0500
Subject: [PATCH] fix parsing of '! --hex-string' from iptables-save

iptables-save outputs the value of --hex-string inside quotes, which was
causing quotes inside quotes problems with the value.  This change adds
a special case parser for --hex-string to get the ! inside the quotes
and eliminate the doubled quotation marks
---
 lib/puppet/provider/firewall/iptables.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 7dace71..6068aad 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -449,6 +449,8 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa
     # --tcp-flags takes two values; we cheat by adding " around it
     # so it behaves like --comment
     values = values.gsub(%r{(!\s+)?--tcp-flags (\S*) (\S*)}, '--tcp-flags "\1\2 \3"')
+    # --hex-string output is in quotes, need to move ! inside quotes
+    values = values.gsub(%r{(!\s+)?--hex-string "(\S*?)"}, '--hex-string "\1\2"')
     # --match-set can have multiple values with weird iptables format
     if values =~ %r{-m set (!\s+)?--match-set}
       values = values.gsub(%r{(!\s+)?--match-set (\S*) (\S*)}, '--match-set \1\2 \3')
-- 
2.45.2