author | Daniel Vigueras <daniel@danielvigueras.com> | 2016-05-16 22:25:52 +0200 |
---|---|---|
committer | Adrian Likins <alikins@redhat.com> | 2016-05-16 16:25:52 -0400 |
commit | 735c1b6219f13f73597c3944a50b4e505417b612 (patch) | |
tree | d2d5d015f46a659faa8cd3783c2e271828e9a5c0 /system/iptables.py | |
parent | 677a2dd66d5e1788eacc5d849ce6e1cc7d799833 (diff) | |
Add insert support to iptables. (#1180)
Add insert support to iptables.
Diffstat (limited to 'system/iptables.py')
-rw-r--r-- | system/iptables.py | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/system/iptables.py b/system/iptables.py
index f2298570..d874161c 100644
--- a/system/iptables.py
+++ b/system/iptables.py
@@ -56,6 +56,14 @@ options:
 required: false
 default: present
 choices: [ "present", "absent" ]
+ action:
+ version_added: "2.2"
+ description:
+ - Whether the rule should be appended at the bottom or inserted at the
+ top. If the rule already exists the chain won't be modified.
+ required: false
+ default: append
+ choices: [ "append", "insert" ]
 ip_version:
 description:
 - Which version of the IP protocol this rule should apply to.
@@ -372,6 +380,11 @@ def append_rule(iptables_path, module, params):
 module.run_command(cmd, check_rc=True)
+def insert_rule(iptables_path, module, params):
+ cmd = push_arguments(iptables_path, '-I', params)
+ module.run_command(cmd, check_rc=True)
+
+
 def remove_rule(iptables_path, module, params):
 cmd = push_arguments(iptables_path, '-D', params)
 module.run_command(cmd, check_rc=True)
@@ -383,6 +396,7 @@ def main():
 argument_spec=dict(
 table=dict(required=False, default='filter', choices=['filter', 'nat', 'mangle', 'raw', 'security']),
 state=dict(required=False, default='present', choices=['present', 'absent']),
+ action=dict(required=False, default='append', type='str', choices=['append', 'insert']),
 ip_version=dict(required=False, default='ipv4', choices=['ipv4', 'ipv6']),
 chain=dict(required=True, default=None, type='str'),
 protocol=dict(required=False, default=None, type='str'),
@@ -422,6 +436,7 @@ def main():
 rule=' '.join(construct_rule(module.params)),
 state=module.params['state'],
 )
+ insert = (module.params['action'] == 'insert')
 ip_version = module.params['ip_version']
 iptables_path = module.get_bin_path(BINS[ip_version], True)
 rule_is_present = check_present(iptables_path, module, module.params)
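Review bot: `insert_rule` has no docstring, and nothing in it says where the rule lands: `-I` is passed without a rule number, so iptables places the rule at position 1, ahead of every rule already in the chain. Since a terminating target in an earlier rule decides the packet before later rules are consulted, that placement is the security-relevant part of this function and should be written down, e.g. `"""Insert the rule at the top of the chain (iptables -I with no rule number), so it is evaluated before all existing rules."""`. The neighbouring `append_rule` and `remove_rule` are undocumented in the same way; `append_rule` starts above the hunk.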
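Review bot: With `action: insert`, the skip decision still rests on `rule_is_present = check_present(...)`, which appears to test only whether the rule exists somewhere in the chain, not where. `check_present` is defined outside this diff, so this is inferred from the option text in the first hunk ("If the rule already exists the chain won't be modified"): a deny rule the playbook expects to be evaluated first can stay below a broader accept rule while the task reports no change. The documentation should say so explicitly, for example `- With insert, a rule that already exists lower in the chain is left in place; its position is not guaranteed.`, or the module should compare the rule's current position before skipping. `main()` begins and ends outside the hunk.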
@@ -439,7 +454,10 @@ def main():
 module.exit_json(**args)
 if should_be_present:
- append_rule(iptables_path, module, module.params)
+ if insert:
+ insert_rule(iptables_path, module, module.params)
+ else:
+ append_rule(iptables_path, module, module.params)
 else:
 remove_rule(iptables_path, module, module.params) |