Added a function for the cleanup of test chains so the cleanup commands can be called from several places where cleaning is needed. Partly based on pull request #18 which also adds extra cleanup code...

Author: Sander van Harmelen

providers/rule.rb

@@ -12,7 +12,9 @@
 
   if not node["simple_iptables"]["chains"][new_resource.table].include?(new_resource.chain)
     node.set["simple_iptables"]["chains"][new_resource.table] = node["simple_iptables"]["chains"][new_resource.table].dup << new_resource.chain unless ["PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"].include?(new_resource.chain)
-    node.set["simple_iptables"]["rules"][new_resource.table] = node["simple_iptables"]["rules"][new_resource.table].dup << "-A #{new_resource.direction} --jump #{new_resource.chain}"
+    unless new_resource.chain == new_resource.direction
+      node.set["simple_iptables"]["rules"][new_resource.table] = node["simple_iptables"]["rules"][new_resource.table].dup << "-A #{new_resource.direction} --jump #{new_resource.chain}"
+    end
   end
 
   # Then apply the rules to the node
@@ -30,28 +32,35 @@
 
 def test_rules(new_resource, rules)
   test_chains = ["_chef_lwrp_test1"]
+  cleanup_test_chain(new_resource.table, test_chains.first)
   shell_out!("iptables --table #{new_resource.table} --new-chain #{test_chains.first}")
   begin
     rules.each do |rule|
       new_rule = rule_string(new_resource, rule, true)
       new_rule.gsub!("-A #{new_resource.chain}", "-A #{test_chains.first}")
 
-      # Test for jumps to chains that are not actually created on the system, but are already processed in the current recipe
+      # Test for jumps to chains that are not actually created on the systemyet, but are already processed in the current recipe
       if node["simple_iptables"]["chains"][new_resource.table].include?(new_resource.jump)
         test_chains.push("_chef_lwrp_test2")
+        cleanup_test_chain(new_resource.table, test_chains.last)
         shell_out!("iptables --table #{new_resource.table} --new-chain #{test_chains.last}")
         new_rule.gsub!("--jump #{new_resource.jump}", "--jump #{test_chains.last}")
       end
       shell_out!("iptables #{new_rule}")
     end
   ensure
     test_chains.each do |test_chain|
-      shell_out("iptables --table #{new_resource.table} --flush #{test_chain}")
-      shell_out("iptables --table #{new_resource.table} --delete-chain #{test_chain}")
+      cleanup_test_chain(new_resource.table, test_chain)
     end
   end
 end
 
+def cleanup_test_chain(table, chain)
+  #always flush and remove first in case the previous run left it lying around. Ignore any return values.
+  shell_out("iptables --table #{table} --flush #{chain}")
+  shell_out("iptables --table #{table} --delete-chain #{chain}")
+end
+
 def rule_string(new_resource, rule, include_table)
   jump = new_resource.jump ? "--jump #{new_resource.jump} " : ""
   table = include_table ? "--table #{new_resource.table} " : ""