Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix repeated refresh if `-j REJECT` is used without `--with-reject`

  • Loading branch information...
commit ec6e85b281a20ba06c81a98152eaad9715ef14a4 1 parent a7ab7e3
@dcarley dcarley authored
Showing with 6 additions and 5 deletions.
  1. +6 −5 lib/puppet/type/iptables.rb
View
11 lib/puppet/type/iptables.rb
@@ -833,6 +833,7 @@ def initialize(args)
full_string += " -j " + value(:jump).to_s
alt_string += " -j " + value(:jump).to_s
+ value_reject = ""
if value(:jump).to_s == "DNAT"
if value(:table).to_s != "nat"
invalidrule = true
@@ -864,10 +865,10 @@ def initialize(args)
alt_string += " --to-ports " + value(:toports).to_s
end
elsif value(:jump).to_s == "REJECT"
- if value(:reject).to_s != ""
- full_string += " --reject-with " + value(:reject).to_s
- alt_string += " --reject-with " + value(:reject).to_s
- end
+ # Apply the default rejection type if none is specified.
+ value_reject = value(:reject).to_s != "" ? value(:reject).to_s : "icmp-port-unreachable"
+ full_string += " --reject-with " + value_reject
+ alt_string += " --reject-with " + value_reject
elsif value(:jump).to_s == "LOG"
if value(:log_level).to_s != ""
full_string += " --log-level " + value(:log_level).to_s
@@ -911,7 +912,7 @@ def initialize(args)
'todest' => value(:todest).to_s,
'tosource' => value(:tosource).to_s,
'toports' => value(:toports).to_s,
- 'reject' => value(:reject).to_s,
+ 'reject' => value_reject,
'redirect' => value(:redirect).to_s,
'log_level' => value(:log_level).to_s,
'log_prefix' => value(:log_prefix).to_s,
Please sign in to comment.
Something went wrong with that request. Please try again.