From 3a6f0fbb9c698b9440f1c21c973822d1b8883124 Mon Sep 17 00:00:00 2001
From: "Kevin M. Gallagher" <kevingallagher@gmail.com>
Date: Thu, 1 Mar 2018 04:24:02 -0800
Subject: Allow inversion of uid_owner match in iptables module (#36073)

Fixes #20747 and updates documentation for uid_owner in iptables.py
---
 lib/ansible/modules/system/iptables.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/ansible/modules/system/iptables.py b/lib/ansible/modules/system/iptables.py
index a5d0bea3f0..73b3fdc0ec 100644
--- a/lib/ansible/modules/system/iptables.py
+++ b/lib/ansible/modules/system/iptables.py
@@ -238,7 +238,9 @@ options:
     version_added: "2.1"
   uid_owner:
     description:
-      - Specifies the UID or username to use in match by owner rule.
+      - Specifies the UID or username to use in match by owner rule. From
+        Ansible 2.6 when the C(!) argument is prepended then the it inverts
+        the rule to apply instead to all users except that one specified.
     version_added: "2.1"
   reject_with:
     description:
@@ -437,6 +439,7 @@ def construct_rule(params):
     append_param(rule, params['limit'], '--limit', False)
     append_param(rule, params['limit_burst'], '--limit-burst', False)
     append_match(rule, params['uid_owner'], 'owner')
+    append_match_flag(rule, params['uid_owner'], '--uid-owner', True)
     append_param(rule, params['uid_owner'], '--uid-owner', False)
     if params['jump'] is None:
         append_jump(rule, params['reject_with'], 'REJECT')
-- 
cgit v1.2.1