From f5ed8d0c6e7e85976ae77caff660bfabde199bba Mon Sep 17 00:00:00 2001
From: Brian Coca <brian.coca+git@gmail.com>
Date: Mon, 2 Nov 2015 12:11:38 -0500
Subject: [PATCH] made ctstate accept lists

---
 system/iptables.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/system/iptables.py b/system/iptables.py
index 59dc187c543..29010b730e5 100644
--- a/system/iptables.py
+++ b/system/iptables.py
@@ -205,9 +205,8 @@ options:
     required: false
   ctstate:
     description:
-      - "ctstate is a comma separated list of the connection states to match in
-        the conntrack module. Possible states are: 'INVALID', 'NEW',
-        'ESTABLISHED', 'RELATED', 'UNTRACKED', 'SNAT', 'DNAT'"
+      - "ctstate is a list of the connection states to match in the conntrack module.
+        Possible states are: 'INVALID', 'NEW', 'ESTABLISHED', 'RELATED', 'UNTRACKED', 'SNAT', 'DNAT'"
     required: false
 '''
 
@@ -264,7 +263,7 @@ def construct_rule(params):
     append_comm(rule, params['comment'])
     append_param(rule, params['comment'], '--comment', False)
     append_conntrack(rule, params['ctstate'])
-    append_param(rule, params['ctstate'], '--ctstate', False)
+    append_param(rule, ','.join(params['ctstate']), '--ctstate', False)
     return rule
 
 
@@ -314,7 +313,7 @@ def main():
             destination_port=dict(required=False, default=None, type='str'),
             to_ports=dict(required=False, default=None, type='str'),
             comment=dict(required=False, default=None, type='str'),
-            ctstate=dict(required=False, default=None, type='str'),
+            ctstate=dict(required=False, default=None, type='list'),
         ),
     )
     args = dict(