Add insert support to iptables. (#1180)
Add insert support to iptables.
parent
677a2dd66d
commit
735c1b6219
1 changed files with 19 additions and 1 deletions
|
@ -56,6 +56,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: present
|
default: present
|
||||||
choices: [ "present", "absent" ]
|
choices: [ "present", "absent" ]
|
||||||
|
action:
|
||||||
|
version_added: "2.2"
|
||||||
|
description:
|
||||||
|
- Whether the rule should be appended at the bottom or inserted at the
|
||||||
|
top. If the rule already exists the chain won't be modified.
|
||||||
|
required: false
|
||||||
|
default: append
|
||||||
|
choices: [ "append", "insert" ]
|
||||||
ip_version:
|
ip_version:
|
||||||
description:
|
description:
|
||||||
- Which version of the IP protocol this rule should apply to.
|
- Which version of the IP protocol this rule should apply to.
|
||||||
|
@ -372,6 +380,11 @@ def append_rule(iptables_path, module, params):
|
||||||
module.run_command(cmd, check_rc=True)
|
module.run_command(cmd, check_rc=True)
|
||||||
|
|
||||||
|
|
||||||
|
def insert_rule(iptables_path, module, params):
|
||||||
|
cmd = push_arguments(iptables_path, '-I', params)
|
||||||
|
module.run_command(cmd, check_rc=True)
|
||||||
|
|
||||||
|
|
||||||
def remove_rule(iptables_path, module, params):
|
def remove_rule(iptables_path, module, params):
|
||||||
cmd = push_arguments(iptables_path, '-D', params)
|
cmd = push_arguments(iptables_path, '-D', params)
|
||||||
module.run_command(cmd, check_rc=True)
|
module.run_command(cmd, check_rc=True)
|
||||||
|
@ -383,6 +396,7 @@ def main():
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
table=dict(required=False, default='filter', choices=['filter', 'nat', 'mangle', 'raw', 'security']),
|
table=dict(required=False, default='filter', choices=['filter', 'nat', 'mangle', 'raw', 'security']),
|
||||||
state=dict(required=False, default='present', choices=['present', 'absent']),
|
state=dict(required=False, default='present', choices=['present', 'absent']),
|
||||||
|
action=dict(required=False, default='append', type='str', choices=['append', 'insert']),
|
||||||
ip_version=dict(required=False, default='ipv4', choices=['ipv4', 'ipv6']),
|
ip_version=dict(required=False, default='ipv4', choices=['ipv4', 'ipv6']),
|
||||||
chain=dict(required=True, default=None, type='str'),
|
chain=dict(required=True, default=None, type='str'),
|
||||||
protocol=dict(required=False, default=None, type='str'),
|
protocol=dict(required=False, default=None, type='str'),
|
||||||
|
@ -422,6 +436,7 @@ def main():
|
||||||
rule=' '.join(construct_rule(module.params)),
|
rule=' '.join(construct_rule(module.params)),
|
||||||
state=module.params['state'],
|
state=module.params['state'],
|
||||||
)
|
)
|
||||||
|
insert = (module.params['action'] == 'insert')
|
||||||
ip_version = module.params['ip_version']
|
ip_version = module.params['ip_version']
|
||||||
iptables_path = module.get_bin_path(BINS[ip_version], True)
|
iptables_path = module.get_bin_path(BINS[ip_version], True)
|
||||||
rule_is_present = check_present(iptables_path, module, module.params)
|
rule_is_present = check_present(iptables_path, module, module.params)
|
||||||
|
@ -439,7 +454,10 @@ def main():
|
||||||
module.exit_json(**args)
|
module.exit_json(**args)
|
||||||
|
|
||||||
if should_be_present:
|
if should_be_present:
|
||||||
append_rule(iptables_path, module, module.params)
|
if insert:
|
||||||
|
insert_rule(iptables_path, module, module.params)
|
||||||
|
else:
|
||||||
|
append_rule(iptables_path, module, module.params)
|
||||||
else:
|
else:
|
||||||
remove_rule(iptables_path, module, module.params)
|
remove_rule(iptables_path, module, module.params)
|
||||||
|
|
||||||
|
|
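Review bot: With `action: insert`, the new branch in `main()` calls `insert_rule` only on the path where the rule is to be added, and the option text itself says an existing rule leaves the chain unmodified, so a rule that already sits further down the chain appears to stay there. Because iptables evaluates rules in order, a rule meant to take precedence can remain below a broader match while the task reports nothing to change; the presence check itself is outside the hunks shown, so this is inferred from the description and the visible branch. I would spell that out in the option description, e.g. `- Note that insert does not move an existing rule; its position is only guaranteed when the rule is first added.` The same description could state that `action` has no effect when `state=absent`, since the `else:` branch calls `remove_rule` regardless. `insert_rule` also has no docstring; a one-line `"""Insert the rule at the top of the chain (iptables -I)."""` would make the difference from `append_rule` explicit.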