From 6438ab2c463b12b78e302f78b3058cf1d0bb7051 Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Mon, 11 Feb 2019 15:47:35 +0100
Subject: [PATCH] ufw: check values for direction depending on situation (#50402)
* Check values of 'direction'.
* Add changelog.
* Update lib/ansible/modules/system/ufw.py
Co-Authored-By: felixfontein
* Update lib/ansible/modules/system/ufw.py
(cherry picked from commit 4d3d8dd60f91a1c68bca55824fb88a72bf8eb718)
---
 changelogs/fragments/50402-ufw-check-direction.yml | 2 ++
 lib/ansible/modules/system/ufw.py | 4 ++++
 2 files changed, 6 insertions(+)
 create mode 100644 changelogs/fragments/50402-ufw-check-direction.yml
diff --git a/changelogs/fragments/50402-ufw-check-direction.yml b/changelogs/fragments/50402-ufw-check-direction.yml
new file mode 100644
index 0000000000..6fbbfc5854
--- /dev/null
+++ b/changelogs/fragments/50402-ufw-check-direction.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "ufw: make sure that only valid values for ``direction`` are passed on."
diff --git a/lib/ansible/modules/system/ufw.py b/lib/ansible/modules/system/ufw.py
index 418e89d8cd..c80d6c3761 100644
--- a/lib/ansible/modules/system/ufw.py
+++ b/lib/ansible/modules/system/ufw.py
@@ -311,9 +311,13 @@ def main():
 execute(cmd + [[command], [value]])
 elif command == 'default':
+ if params['direction'] not in ['outgoing', 'incoming', 'routed']:
+ module.fail_json(msg='For default, direction must be one of "outgoing", "incoming" and "routed".')
 execute(cmd + [[command], [value], [params['direction']]])
 elif command == 'rule':
+ if params['direction'] not in ['in', 'out', None]:
+ module.fail_json(msg='For rules, direction must be one of "in" and "out".')
 # Rules are constructed according to the long format
 #
 # ufw [--dry-run] [route] [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] \
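Review bot: Both new `direction` checks in the ufw.py hunk sit inside the per-command dispatch, so each fires only when its own branch is reached, and the branch just above already calls `execute(cmd + [[command], [value]])`. If main() processes several commands in one run (the surrounding loop is outside this hunk, so this is inferred), a bad `direction` would abort the task after earlier ufw changes were already applied, leaving the firewall partly reconfigured. Validating `direction` against the requested commands once, before the first `execute` call, would make the failure all-or-nothing. In the `default` branch an omitted direction (`None`) also gets the "must be one of" message; wording such as `module.fail_json(msg='For default, direction is required and must be one of "outgoing", "incoming" or "routed".')` says what is actually wrong. main() starts and ends outside the hunk.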