Prevent bug in 'ufw --dry-run reset' to delete firewall rules.

7 years ago · c3271befda
parent 0093b69935
commit c3271befda
2 changed files with 4 additions and 0 deletions
--- a/changelogs/fragments/ufw-reset-check-mode.yaml
+++ b/changelogs/fragments/ufw-reset-check-mode.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- "ufw - when using ``state: reset`` in check mode, ``ufw --dry-run reset`` was executed, which causes a loss of firewall rules. The ``ufw`` module was adjusted to no longer run ``ufw --dry-run reset`` to prevent this from happening."
--- a/lib/ansible/modules/system/ufw.py
+++ b/lib/ansible/modules/system/ufw.py
@ -301,6 +301,8 @@ def main():
        cmd = [[ufw_bin], [module.check_mode, '--dry-run']]

        if command == 'state':
+            if value == 'reset' and module.check_mode:
+                continue
            states = {'enabled': 'enable', 'disabled': 'disable',
                      'reloaded': 'reload', 'reset': 'reset'}
            execute(cmd + [['-f'], [states[value]]])