Fix #300 for match extension protocol #302

Merged: 1 commit, Feb 6, 2014

@hunner hunner commented Feb 6, 2014

So... #300 fixed matching `-m (tcp|udp)` at the beginning of `-m multiport` or `--dport` or `--sport` rules, but broke actual *creation* of those rules because `-m (tcp|udp)` was used as an iptables argument, which it is not.

This change removes the problematic argument from `@resource_map` and instead just substitutes `-m (tcp|udp)` out of any existing rules before matching. The `-m tcp` match extension arguments are optional anyway, and not needed for iptables functionality and don't change the semantics at all.

apenney pushed a commit that referenced this pull request Feb 6, 2014
Fix #300 for match extension protocol
@apenney apenney merged commit f3a7b49 into puppetlabs:master Feb 6, 2014
@hunner hunner deleted the fix_match_extension branch February 6, 2014 21:42
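
The substitution described in this pull request, as an added Ruby example that is not the module's own code: the saved rule is normalized by dropping `-m tcp` / `-m udp` before it is compared with the desired rule. The function names and the sample rule lines are constructed for illustration; this sketch also assumes the strip should apply only when the same rule carries `-p` with that protocol, and it tokenizes with `Shellwords` so quoted `--comment` text is left alone.

```ruby
require 'shellwords'

# Hypothetical helper (not from puppetlabs-firewall): tokenize an
# iptables-save style rule and drop the protocol match extension
# ("-m tcp" / "-m udp") when the rule already selects that protocol with -p.
def strip_implicit_proto_match(line)
  tokens = Shellwords.split(line)

  # Find the protocol named by -p / --protocol, if any.
  proto = nil
  tokens.each_cons(2) { |flag, value| proto = value if ['-p', '--protocol'].include?(flag) }

  out = []
  i = 0
  while i < tokens.length
    redundant = tokens[i] == '-m' &&
                %w[tcp udp].include?(tokens[i + 1]) &&
                tokens[i + 1] == proto
    if redundant
      i += 2 # skip both "-m" and the protocol name
    else
      out << tokens[i]
      i += 1
    end
  end
  out
end

# Hypothetical comparison: two rule lines describe the same rule if they
# are token-for-token equal once the optional match extension is removed.
def same_rule?(saved_line, desired_line)
  strip_implicit_proto_match(saved_line) == strip_implicit_proto_match(desired_line)
end

# Constructed sample lines: what a saved ruleset might contain vs. what the
# desired rule generates (no "-m tcp", since it is not passed as an argument).
SAVED   = '-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "100 ssh -m tcp" -j ACCEPT'
DESIRED = '-A INPUT -p tcp --dport 22 -m comment --comment "100 ssh -m tcp" -j ACCEPT'
SAVED_MULTIPORT = '-A INPUT -p udp -m udp -m multiport --sports 53,123 -j ACCEPT'

if __FILE__ == $PROGRAM_NAME
  puts same_rule?(SAVED, DESIRED)
  puts strip_implicit_proto_match(SAVED_MULTIPORT).join(' ')
end
```

A plain string substitution over the whole line would also rewrite the `-m tcp` inside the quoted comment, and the saved and desired rules would then differ by their comment text.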