From c3271befda9cda053c9caf2a4d2d4e0758fdcb79 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Mon, 11 Feb 2019 20:34:39 +0100 Subject: [PATCH] Prevent bug in 'ufw --dry-run reset' to delete firewall rules. --- changelogs/fragments/ufw-reset-check-mode.yaml | 2 ++ lib/ansible/modules/system/ufw.py | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 changelogs/fragments/ufw-reset-check-mode.yaml diff --git a/changelogs/fragments/ufw-reset-check-mode.yaml b/changelogs/fragments/ufw-reset-check-mode.yaml new file mode 100644 index 00000000000..7328ad41835 --- /dev/null +++ b/changelogs/fragments/ufw-reset-check-mode.yaml @@ -0,0 +1,2 @@ +bugfixes: +- "ufw - when using ``state: reset`` in check mode, ``ufw --dry-run reset`` was executed, which causes a loss of firewall rules. The ``ufw`` module was adjusted to no longer run ``ufw --dry-run reset`` to prevent this from happening." diff --git a/lib/ansible/modules/system/ufw.py b/lib/ansible/modules/system/ufw.py index a887b375147..418e89d8cda 100644 --- a/lib/ansible/modules/system/ufw.py +++ b/lib/ansible/modules/system/ufw.py @@ -301,6 +301,8 @@ def main(): cmd = [[ufw_bin], [module.check_mode, '--dry-run']] if command == 'state': + if value == 'reset' and module.check_mode: + continue states = {'enabled': 'enable', 'disabled': 'disable', 'reloaded': 'reload', 'reset': 'reset'} execute(cmd + [['-f'], [states[value]]])