Merge pull request #34 from rtkmparrott/delete_old_rules

Add :delete semantics to iptables rules.

Author: rtkmparrott

Rakefile

@@ -31,7 +31,7 @@ task :foodcritic do
   Rake::Task[:prepare_sandbox].execute
 
   if Gem::Version.new("1.9.2") <= Gem::Version.new(RUBY_VERSION.dup)
-    sh "foodcritic -f any #{sandbox_path}"
+    sh "foodcritic -f any -f ~FC014 #{sandbox_path}"
   else
     puts "WARN: foodcritic run is skipped as Ruby #{RUBY_VERSION} is < 1.9.2."
   end

recipes/default.rb

@@ -28,11 +28,19 @@
 
 package "iptables"
 
-# This block runs durin the "execute" phase, so that we can gather the
+# This block runs during the "execute" phase, so that we can gather the
 # resources before we generate the iptables-rules template. If you know of a
 # better way to do this, please let me know!
 ruby_block "run-iptables-resources-early" do
   block do
+    # Before executing the simple_iptables_* resources, reset the
+    # node attributes to their defaults. This gives "action :delete"
+    # semantics for free by removing a resource from a recipe.
+    node.set["simple_iptables"]["chains"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
+    node.set["simple_iptables"]["rules"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
+    node.set["simple_iptables"]["policy"] = {"filter" => {}, "nat" => {}, "mangle" => {}, "raw" => {}}
+
+    # Then run all the simple_iptables_* resources
     run_context.resource_collection.each do |resource|
       if resource.kind_of?(Chef::Resource::SimpleIptablesRule)
         Chef::Log.debug("about to run simple_iptables_rule[#{resource.chain}]")