From 35943dec4abf11005321450d495f77c27907a614 Mon Sep 17 00:00:00 2001
From: Jonathan Tripathy <jt@puppetlabs.com>
Date: Thu, 25 Jun 2015 14:14:18 +0100
Subject: [PATCH] Fix for physdev idempotency on EL5

---
 lib/puppet/provider/firewall/iptables.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 4bcf4c4fb..fcf9373d0 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -329,6 +329,8 @@ def self.rule_to_hash(line, table, counter)
     values = values.gsub(/(!)\s*(-\S+)\s*(\S*)/, '\2 "\1 \3"')
     # The match extension for tcp & udp are optional and throws off the @resource_map.
     values = values.gsub(/(?!-m tcp --tcp-flags)-m (tcp|udp) /, '')
+    # There is a bug in EL5 which puts 2 spaces before physdev, so we fix it
+    values = values.gsub(/\s{2}--physdev/, ' --physdev')
     # '--pol ipsec' takes many optional arguments; we cheat again by adding " around them
     values = values.sub(/
         --pol\sipsec