No value is detected for nflog-prefix

[cgrycki]

Describe the Bug

When the module parses existing rules with the nflog-prefix property, it incorrectly identifies the value as an empty string. As a result, every time the puppet agent runs, it detects a change to nflog_prefix and updates the rule with the same value.

The issue seems to stem from an additional space between "--nflog-prefix" and the value in the output of iptables-save and ip6tables-save. The regex that parses this rule appears to be expecting a single space, but there are two spaces.

puppetlabs-firewall/lib/puppet/provider/firewall/firewall.rb

Line 535 in 3ff86aa

value_regex = Regexp.new("(?:(!\\s))?#{value}\\s(?:\"([^\"]*)|([^\"\\s]*))")

Expected Behavior

The module identifies the correct value of the nflog-prefix property when it parses rules from the output of iptables-save and ip6tables-save.

Steps to Reproduce

1. Use this module to manage a rule with the nflog_prefix property configured.
2. Observe from the output of the puppet agent that the rule is updated every time that the agent runs.

Environment

• puppetlabs-firewall 7.0.2
• Puppet Enterprise 2021.7.6
• Puppet Agent 7.27.0
• Ubuntu 22.04

Additional Context

I have also confirmed on Ubuntu 20.04 that the output of iptables-save has two spaces between --nflog-prefix and the value.

[weastur]

+1

[durist]

+1