saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

modules: iptables: correctly parse --nfmask/--ctmask

Browse source 
`iptables-save` can return rules like this one:

```
-A PREROUTING -m connmark ! --mark 0x0/0xffff0000 -j CONNMARK \
--restore-mark --nfmask 0xffff0000 --ctmask 0xffff0000
```

which leads to the following behavior:

```
$ salt '*' iptables.get_rules
minion:
    Minion did not return. [No response]
```

This commit fixes the behavior of `iptables.get_rules` in this case,
which also fixes the `iptables.append` state when such a rule already
exists on the minion.
This commit is contained in:
Benoît Knecht 2017-08-23 16:40:11 +02:00
parent 6adc03e4b4
commit 3c1ddc9bde
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
salt/modules/iptables.py
View file

@ -1455,6 +1455,8 @@ def _parser():
add_arg('--or-mark', dest='or-mark', action='append')
add_arg('--xor-mark', dest='xor-mark', action='append')
add_arg('--set-mark', dest='set-mark', action='append')
add_arg('--nfmask', dest='nfmask', action='append')
add_arg('--ctmask', dest='ctmask', action='append')
## CONNSECMARK
add_arg('--save', dest='save', action='append')
add_arg('--restore', dest='restore', action='append')