Recognize rule changes even if ufw is in disabled state.
See http://askubuntu.com/questions/30781/see-configured-rules-even-when-inactive for the details.
parent
4d5340587e
commit
37ef39d0fa
1 changed files with 4 additions and 2 deletions
|
@ -203,8 +203,9 @@ def main():
|
||||||
# Ensure ufw is available
|
# Ensure ufw is available
|
||||||
ufw_bin = module.get_bin_path('ufw', True)
|
ufw_bin = module.get_bin_path('ufw', True)
|
||||||
|
|
||||||
# Save the pre state in order to recognize changes reliably
|
# Save the pre state and rules in order to recognize changes
|
||||||
(_, pre_state, _) = module.run_command(ufw_bin + ' status verbose')
|
(_, pre_state, _) = module.run_command(ufw_bin + ' status verbose')
|
||||||
|
(_, pre_rules, _) = module.run_command("grep '^### tuple' /lib/ufw/user*.rules")
|
||||||
|
|
||||||
# Execute commands
|
# Execute commands
|
||||||
for (command, value) in commands.iteritems():
|
for (command, value) in commands.iteritems():
|
||||||
|
@ -244,7 +245,8 @@ def main():
|
||||||
|
|
||||||
# Get the new state
|
# Get the new state
|
||||||
(_, post_state, _) = module.run_command(ufw_bin + ' status verbose')
|
(_, post_state, _) = module.run_command(ufw_bin + ' status verbose')
|
||||||
changed = pre_state != post_state
|
(_, post_rules, _) = module.run_command("grep '^### tuple' /lib/ufw/user*.rules")
|
||||||
|
changed = (pre_state != post_state) or (pre_rules != post_rules)
|
||||||
|
|
||||||
return module.exit_json(changed=changed, commands=cmds, msg=post_state.rstrip())
|
return module.exit_json(changed=changed, commands=cmds, msg=post_state.rstrip())
|
||||||
|
|
||||||
|
|
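Review bot: Both new `grep` calls (the `pre_rules` line in the first hunk and the `post_rules` line in the second) discard the return code, so a grep that fails leaves both values empty and `changed` silently falls back to the status comparison alone. That would happen if the rule files live outside `/lib/ufw/`, or if `run_command` executes the string without a shell so `user*.rules` is never glob-expanded; neither is visible from these hunks, so this needs confirming. For a firewall module, a rule change reported as unchanged weakens change tracking, so the error should surface: `(rc, pre_rules, err) = module.run_command(...)` followed by `if rc > 1: module.fail_json(msg=err)` (grep exits 1 for no match and 2 for an error). Listing the rule files explicitly and resolving grep with `module.get_bin_path('grep', True)`, as is already done for ufw, would remove the dependence on globbing and PATH. `main()` starts and ends outside both hunks.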