Merge pull request #204 from georgkoester/fix188

Fix #188: -f in comment leads to puppet resource firewall failing.
puppetlabs · Jun 10, 2013 · 972310d · 972310d
2 parents 900ef11 + 1057798
commit 972310d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
@@ -166,7 +166,7 @@ def self.rule_to_hash(line, table, counter)
       if bool == :isfragment then
         # only replace those -f that are not followed by an l to
         # distinguish between -f and the '-f' inside of --tcp-flags.
-        values = values.sub(/-f(?=[^l])/, '-f true')
+        values = values.sub(/-f(?!l)(?=.*--comment)/, '-f true')
       end
     end
 

diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb
@@ -299,9 +299,10 @@
     },
   },
   'isfragment_option' => {
-    :line => '-A INPUT -f -j ACCEPT',
+    :line => '-A INPUT -f -m comment --comment "010 a-f comment with dashf" -j ACCEPT',
     :table => 'filter',
     :params => {
+      :name => '010 a-f comment with dashf',
       :action => 'accept',
       :isfragment => true,
     },
@@ -724,4 +725,13 @@
     },
     :args => ['-t', :filter, '-p', :all, '-f', '-m', 'comment', '--comment', '050 isfragment option', '-j', 'ACCEPT'],
   },
+  'isfragment_option not changing -f in comment' => {
+    :params => {
+      :name => '050 testcomment-with-fdashf',
+      :table => 'filter',
+      :proto => :all,
+      :action => 'accept',
+    },
+    :args => ['-t', :filter, '-p', :all, '-m', 'comment', '--comment', '050 testcomment-with-fdashf', '-j', 'ACCEPT'],
+  },
 }