Don't arbitrarily limit set_mark to certain chains

set_mark is not only allowed in PREROUTING or OUTPUT chain, but also in custom chains, which are called from these.
xbezdick · Oct 27, 2014 · edcc4ba · edcc4ba
1 parent db96537
commit edcc4ba
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
@@ -1066,10 +1066,9 @@ def should_to_s(value)
 
     if value(:set_mark)
       unless value(:jump).to_s  =~ /MARK/ &&
-             value(:chain).to_s =~ /PREROUTING|OUTPUT/ &&
              value(:table).to_s =~ /mangle/
         self.fail "Parameter set_mark only applies to " \
-          "the PREROUTING or OUTPUT chain of the mangle table and when jump => MARK"
+          "the mangle table and when jump => MARK"
       end
     end