| author | Russell Sim <russell.sim@gmail.com> | 2018-03-19 20:06:46 +0100 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2018-03-20 17:08:17 -0400 |
| commit | 16cf95d7200dd5e042ac96505d4f3eede84ceb87 (patch) | |
| tree | 91a47fde23bd5977ccb3181073aa6c7139660b73 /src/Propellor/Property | |
| parent | 5eff411be00981ccbbab5838ecb13a7530a1d0d9 (diff) | |
Move table and target to before the other rule arguments
Some commands in IPTables are order dependent. In particular, I have seen this
with the --to-dest and the --to-source arguments for DNAT and SNAT respectively.
Below is an example rule which demonstrates the issue.
```console
$ iptables -A PREROUTING -p tcp -i eth0 --dport 4000 \
    --to-dest 10.3.0.6:4000 -t nat -j DNAT
iptables v1.6.0: unknown option "--to-dest"
$ iptables -A PREROUTING -p tcp -i eth0 --dport 4000 \
    -j DNAT --to-dest 10.3.0.6:4000 -t nat
```
Signed-off-by: Russell Sim <russell.sim@gmail.com>
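The ordering constraint described in the commit message generalises beyond DNAT and SNAT: iptables parses its argument list left to right, and an option contributed by a target extension (`--to-destination`, `--to-source`, `--to-ports`, ...) or a match extension (`--dport`, `--state`, ...) is only known once the `-j`, `-p` or `-m` that loads that extension has been seen. The following is an added example, not part of propellor or of this commit, that builds an argument list in the order the patch uses and lints an existing argument list for the "unknown option" failure class. The option tables are an illustrative subset chosen for this example, the `-A` append flag in `build_rule` is an assumption about how the chain is passed, and the sample argument lists are constructed from the commit message.

```python
"""Order-check iptables argument lists (added example, not propellor code)."""

# Options defined by a target extension, keyed by the target that loads them.
# Real xtables option names, but an illustrative subset. "--to-dest" is the
# unambiguous abbreviation of "--to-destination" that getopt_long accepts.
TARGET_OPTIONS = {
    "DNAT": {"--to-destination", "--to-dest"},
    "SNAT": {"--to-source"},
    "REDIRECT": {"--to-ports"},
    "MASQUERADE": {"--to-ports"},
    "LOG": {"--log-prefix", "--log-level"},
}

# Options defined by a match extension, keyed by the match that loads them.
# "-p tcp" implicitly loads the tcp match, so protocol names appear here too.
MATCH_OPTIONS = {
    "tcp": {"--dport", "--sport", "--destination-port", "--source-port",
            "--tcp-flags", "--syn"},
    "udp": {"--dport", "--sport", "--destination-port", "--source-port"},
    "state": {"--state"},
    "conntrack": {"--ctstate"},
}


def check_order(argv):
    """Return a list of problems: each is an option that appears before the
    -j/-p/-m that would make iptables recognise it. Empty list means the
    argument order is acceptable as far as these tables know."""
    loaded_matches = set()
    loaded_target = None
    problems = []
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok in ("-p", "--protocol", "-m", "--match") and i + 1 < len(argv):
            loaded_matches.add(argv[i + 1])
            i += 2
            continue
        if tok in ("-j", "--jump") and i + 1 < len(argv):
            loaded_target = argv[i + 1]
            i += 2
            continue
        if tok.startswith("--"):
            owners = sorted(t for t, opts in TARGET_OPTIONS.items() if tok in opts)
            if owners and loaded_target not in owners:
                problems.append(
                    f"{tok}: needs -j {'/'.join(owners)} earlier in the argument list")
            owners = sorted(m for m, opts in MATCH_OPTIONS.items() if tok in opts)
            if owners and not loaded_matches.intersection(owners):
                problems.append(
                    f"{tok}: needs -p or -m {'/'.join(owners)} earlier in the argument list")
        i += 1
    return problems


def build_rule(chain, table, target, match_args, target_args):
    """Assemble argv in the order the patch emits: chain, then table and
    target, then the remaining rule arguments. Match arguments go before
    target-specific arguments so both kinds follow the extension that
    defines them. "-A" (append) is an assumption of this example."""
    argv = ["-A", chain, "-t", table, "-j", target]
    argv += list(match_args)
    argv += list(target_args)
    return argv


# Constructed from the commit message: the failing and the working invocation.
BAD = ["-A", "PREROUTING", "-p", "tcp", "-i", "eth0", "--dport", "4000",
       "--to-dest", "10.3.0.6:4000", "-t", "nat", "-j", "DNAT"]
GOOD = ["-A", "PREROUTING", "-p", "tcp", "-i", "eth0", "--dport", "4000",
        "-j", "DNAT", "--to-dest", "10.3.0.6:4000", "-t", "nat"]
# Constructed: the same class of mistake on the match side.
BAD_MATCH = ["-A", "INPUT", "--dport", "22", "-p", "tcp", "-j", "ACCEPT"]

if __name__ == "__main__":
    for name, argv in (("BAD", BAD), ("GOOD", GOOD), ("BAD_MATCH", BAD_MATCH)):
        print(name, check_order(argv) or "ok")
    print(" ".join(build_rule("PREROUTING", "nat", "DNAT",
                              ["-p", "tcp", "-i", "eth0", "--dport", "4000"],
                              ["--to-destination", "10.3.0.6:4000"])))
```

The checker is deliberately conservative: it only knows the options in its two tables and ignores everything else, so a clean result means "no known ordering error", not "iptables will accept this". The point it makes is the one the commit relies on: `-t` may sit anywhere, but `-j` must precede target options and `-p`/`-m` must precede match options.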
Diffstat (limited to 'src/Propellor/Property')
| -rw-r--r-- | src/Propellor/Property/Firewall.hs | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index 736a4458..bbc14473 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs @@ -44,8 +44,8 @@ rule c tb tg rs = property ("firewall rule: " <> show r) addIpTable toIpTable :: Rule -> [CommandParam] toIpTable r = map Param $ val (ruleChain r) : - toIpTableArg (ruleRules r) ++ - ["-t", val (ruleTable r), "-j", val (ruleTarget r)] + ["-t", val (ruleTable r), "-j", val (ruleTarget r)] ++ + toIpTableArg (ruleRules r) toIpTableArg :: Rules -> [String] toIpTableArg Everything = [] |
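Review bot: the reordering in toIpTable is deliberate and order-sensitive, but nothing in the code records why; a short comment above `["-t", val (ruleTable r), "-j", val (ruleTarget r)] ++` saying that iptables only recognises target-specific options (such as --to-destination for DNAT) once `-j` has loaded the target extension would stop the next tidy-up from putting `toIpTableArg (ruleRules r)` first again. The same left-to-right rule applies to match extensions, so inside toIpTableArg (its body is not shown in this hunk) the protocol or `-m` match has to be emitted before the options it defines, for example `-p tcp` before `--dport`; worth checking while the ordering is being fixed here.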
