From b9bc64c7f911d654950f9dcf6766065cf3199c9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20N=C3=A4hring?=
Date: Fri, 15 Dec 2017 23:08:40 +0100
Subject: [PATCH] Adding param "rule_num" for insert action to iptables module (#33708)

* Added rule_num parameter for insert action in iptables module
---
 lib/ansible/modules/system/iptables.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/lib/ansible/modules/system/iptables.py b/lib/ansible/modules/system/iptables.py
index f7dbf1cd39d..a5d0bea3f0e 100644
--- a/lib/ansible/modules/system/iptables.py
+++ b/lib/ansible/modules/system/iptables.py
@@ -52,6 +52,11 @@ options:
 choices: [ append, insert ]
 default: append
 version_added: "2.2"
+ rule_num:
+ description:
+ - Insert the rule as the given rule number. This works only with
+ action = 'insert'.
+ version_added: "2.5"
 ip_version:
 description:
 - Which version of the IP protocol this rule should apply to.
@@ -316,6 +321,14 @@ EXAMPLES = '''
 set_dscp_mark_class: CS1
 protocol: tcp
 
+# Insert a rule on line 5
+- iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: 8080
+ jump: ACCEPT
+ rule_num: 5
+
 # Set the policy for the INPUT chain to DROP
 - iptables:
 chain: INPUT
@@ -440,6 +453,8 @@ def push_arguments(iptables_path, action, params, make_rule=True):
 cmd = [iptables_path]
 cmd.extend(['-t', params['table']])
 cmd.extend([action, params['chain']])
+ if action == '-I' and params['rule_num']:
+ cmd.extend([params['rule_num']])
 if make_rule:
 cmd.extend(construct_rule(params))
 return cmd
@@ -496,6 +511,7 @@ def main():
 action=dict(type='str', default='append', choices=['append', 'insert']),
 ip_version=dict(type='str', default='ipv4', choices=['ipv4', 'ipv6']),
 chain=dict(type='str'),
+ rule_num=dict(type='str'),
 protocol=dict(type='str'),
 source=dict(type='str'),
 to_source=dict(type='str'),
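Review bot: The new "Insert a rule on line 5" example in EXAMPLES never sets `action`, and the option documentation in this same file lists `default: append`. Assuming `append` maps to an action flag other than `-I`, the guard added to push_arguments skips `rule_num`, so the ACCEPT rule lands at the end of INPUT rather than at position 5. Rule order decides which rule matches first, so anyone copying the example gets a different rule position than the comment promises, with no error. Add `action: insert` to the example, next to `rule_num: 5`.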
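Review bot: `rule_num` is dropped without any message whenever `action` is not `'-I'`, because the new guard in push_arguments simply skips it. A task that sets `rule_num` with the default `append` action therefore gets its rule at the end of the chain and a normal result. Since position decides which rule matches first, that mismatch should fail loudly, for example with a `fail_json` call in main() when `rule_num` is set and `action` is not `insert`. If the module checks whether the rule already exists before inserting (not visible in this hunk), an existing copy elsewhere in the chain would also leave the requested position unenforced. That is worth stating above the guard, e.g. `# rule_num only affects where a missing rule is inserted; it does not move an existing rule`.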
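Review bot: `rule_num=dict(type='str')` accepts any string, and push_arguments places it unchanged on the iptables command line right after the chain name. A typo or non-numeric value is therefore only caught, or possibly read as some other argument, by iptables itself. Declare it as `rule_num=dict(type='int'),` so the argument spec rejects non-integers before any command is built, and convert at the use site with `cmd.extend([str(params['rule_num'])])`. main() starts and ends outside this hunk, so the rest of the argument spec is not visible here.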