From c648edfbae11aeb129084b3cd93dd8f439a3b027 Mon Sep 17 00:00:00 2001 From: Romain Brucker Date: Fri, 30 Oct 2015 11:29:05 -0500 Subject: Adding comment support for iptables module --- system/iptables.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'system') diff --git a/system/iptables.py b/system/iptables.py index 402146f7..7a2b7f9c 100644 --- a/system/iptables.py +++ b/system/iptables.py @@ -199,6 +199,10 @@ options: rule also specifies one of the following protocols: tcp, udp, dccp or sctp." required: false + comment: + description: + - "This specifies a comment that will be added to the rule" + required: false ''' EXAMPLES = ''' @@ -207,7 +211,7 @@ EXAMPLES = ''' become: yes # Forward port 80 to 8600 -- iptables: table=nat chain=PREROUTING in_interface=eth0 protocol=tcp match=tcp destination_port=80 jump=REDIRECT to_ports=8600 +- iptables: table=nat chain=PREROUTING in_interface=eth0 protocol=tcp match=tcp destination_port=80 jump=REDIRECT to_ports=8600 comment="Redirect web traffic to port 8600" become: yes ''' @@ -220,6 +224,11 @@ def append_param(rule, param, flag, is_list): if param is not None: rule.extend([flag, param]) +def append_comm(rule, param): + if param: + rule.extend(['-m']) + rule.extend(['comment']) + def construct_rule(params): rule = [] @@ -236,6 +245,8 @@ def construct_rule(params): append_param(rule, params['source_port'], '--source-port', False) append_param(rule, params['destination_port'], '--destination-port', False) append_param(rule, params['to_ports'], '--to-ports', False) + append_comm(rule, params['comment']) + append_param(rule, params['comment'], '--comment', False) return rule @@ -284,6 +295,7 @@ def main(): source_port=dict(required=False, default=None, type='str'), destination_port=dict(required=False, default=None, type='str'), to_ports=dict(required=False, default=None, type='str'), + comment=dict(required=False, default=None, type='str'), ), ) args = dict( -- cgit v1.2.1
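Review bot: In `append_comm` the guard is `if param:`, while `append_param` tests `param is not None`, so the two can disagree. An empty `comment=""` would skip `-m comment` but still emit `--comment ''` through the new `append_param(rule, params['comment'], '--comment', False)` call in the `construct_rule` hunk, and iptables would be expected to reject `--comment` without the comment match. Emitting the match and its option together keeps them in step: `if param: rule.extend(['-m', 'comment', '--comment', param])` in `append_comm`, with the separate `append_param` call for `comment` dropped. That also folds the two single-element `extend` calls into one. Most of `construct_rule`'s body lies outside these hunks.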
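Review bot: The new `comment=dict(required=False, default=None, type='str')` entry in `main()` accepts a string of any length, but the iptables comment match caps comments at 256 characters. An over-long value would presumably only fail once iptables runs, with a less helpful error than a module-level check would give. Consider stating the limit in the option text, e.g. `- "This specifies a comment that will be added to the rule (up to 256 characters)"`, and rejecting longer values before the rule is built. The comment is appended as its own list element, which keeps quoting safe provided the command is executed without a shell; that call is outside this diff, so it is worth confirming.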