iptables policy state never changed #29379

Closed
ansibot opened this issue Sep 11, 2017 · 4 comments
Labels
affects_2.3 This issue/PR affects Ansible v2.3 bug This issue/PR relates to a bug. module This issue/PR relates to a module. support:core This issue/PR relates to code supported by the Ansible Engineering Team.

Comments

ansibot commented Sep 11, 2017

From @cranebytes on 2016-10-13T12:23:58Z

ISSUE TYPE

  • Bug Report

COMPONENT NAME

iptables

ANSIBLE VERSION

ansible --version
ansible 2.3.0 (devel 6be09ee866) last updated 2016/10/12 15:01:20 (GMT +200)
  lib/ansible/modules/core: (detached HEAD 275fa3f055) last updated 2016/10/12 21:06:11 (GMT +200)
  lib/ansible/modules/extras: (detached HEAD 6c31d91fa5) last updated 2016/10/12 21:06:16 (GMT +200)
  config file = /Users/crane/live/ansible.cfg
  configured module search path = Default w/o overrides

CONFIGURATION

OS / ENVIRONMENT

SUMMARY

The state of the task is never changed even when it changed things.

STEPS TO REPRODUCE

- name: Setting policy drop
  iptables:
    chain: "{{ item[0] }}"
    policy: DROP
    ip_version: "{{ item[1] }}"
  with_nested:
    - ['INPUT', 'OUTPUT', 'FORWARD']
    - ['ipv4', 'ipv6']

EXPECTED RESULTS

I expect the state is changed when the policy is changed

ACTUAL RESULTS

State never changed

TASK [crane.firewall : Setting policy drop] *******************************
task path: /Users/crane/live/roles/crane.firewall/tasks/main.yml:15
Using module file /Users/crane/ansible/lib/ansible/modules/extras/system/iptables.py
<test> ESTABLISH SSH CONNECTION FOR USER: root
<test> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/crane/.ssh/id_ed25519"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/Users/crane/.ansible/cp/ansible-ssh-%h-%p-%r test '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
ok: [test] => (item=[u'INPUT', u'ipv4']) => {
    "chain": "INPUT",
    "changed": false,
    "failed": false,
    "flush": false,
    "invocation": {
        "module_args": {
            "action": "append",
            "chain": "INPUT",
            "comment": null,
            "ctstate": [],
            "destination": null,
            "destination_port": null,
            "flush": false,
            "fragment": null,
            "goto": null,
            "icmp_type": null,
            "in_interface": null,
            "ip_version": "ipv4",
            "jump": null,
            "limit": null,
            "limit_burst": null,
            "match": [],
            "out_interface": null,
            "policy": "DROP",
            "protocol": null,
            "reject_with": null,
            "set_counters": null,
            "set_dscp_mark": null,
            "set_dscp_mark_class": null,
            "source": null,
            "source_port": null,
            "state": "present",
            "table": "filter",
            "to_destination": null,
            "to_ports": null,
            "to_source": null,
            "uid_owner": null
        },
        "module_name": "iptables"
    },
    "ip_version": "ipv4",
    "item": [
        "INPUT",
        "ipv4"
    ],
    "rule": "",
    "state": "present",
    "table": "filter"
}
[...] (Cut off to save space)

Copied from original issue: ansible/ansible-modules-extras#3156
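
Added illustration (not the iptables module's code and not part of the original report): the behaviour the report expects, where `changed` is true only when a chain's current default policy differs from the requested one. The sample `iptables -S` text and the names `parse_policies` and `plan_policy_changes` are constructed for this example.

```python
import re

# Constructed sample of `iptables -S` output for the filter table (not from the issue).
SAMPLE_RULES = """\
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
"""

# `-P <chain> <policy>` lines carry the default policy of each built-in chain.
POLICY_LINE = re.compile(r"^-P\s+(\S+)\s+(\S+)")


def parse_policies(rules_text):
    """Return {chain: policy} parsed from `iptables -S` style text."""
    policies = {}
    for line in rules_text.splitlines():
        match = POLICY_LINE.match(line.strip())
        if match:
            policies[match.group(1)] = match.group(2)
    return policies


def plan_policy_changes(rules_text, desired):
    """Hypothetical helper: one result per requested chain, with an honest 'changed'."""
    current = parse_policies(rules_text)
    results = []
    for chain, policy in desired.items():
        if chain not in current:
            # User-defined chains have no policy; report an error rather than "ok".
            raise ValueError("no policy found for chain %r" % chain)
        results.append({
            "chain": chain,
            "policy": policy,
            "previous": current[chain],
            "changed": current[chain] != policy,
        })
    return results


if __name__ == "__main__":
    wanted = {"INPUT": "DROP", "OUTPUT": "DROP", "FORWARD": "DROP"}
    for result in plan_policy_changes(SAMPLE_RULES, wanted):
        print(result)
```

Comparing the live `-P` lines against the playbook's intended policy in this way gives an independent check on hosts where the task's reported state cannot be relied on.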

ansibot commented Sep 11, 2017

From @ansibot on 2016-10-13T12:23:58Z

@LinusU ping, this issue is waiting for your response.
click here for bot help

ansibot commented Sep 11, 2017

From @craneworks on 2016-10-13T12:23:58Z

I see this also in v2.2.0.0-0.1.rc1.

ansibot commented Sep 11, 2017

From @LinusU on 2016-10-13T12:23:58Z

needs_contributor

@ansibot ansibot added affects_2.3 This issue/PR affects Ansible v2.3 bug_report module This issue/PR relates to a module. support:core This issue/PR relates to code supported by the Ansible Engineering Team. waiting_on_contributor This would be accepted but there are no plans to actively work on it. labels Sep 11, 2017
sebastiendarocha commented Sep 22, 2017

Didn't reproduce on 2.5.0.0

Fixed by 3691c78

@mscherer could you close this?

@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 7, 2018
@ansible ansible locked and limited conversation to collaborators Apr 26, 2019
@sivel sivel removed the waiting_on_contributor This would be accepted but there are no plans to actively work on it. label Dec 3, 2020