(MODULES-11580) Do not combine stderr and stdout when scanning rules

shubhamshinde360 · shubhamshinde360 · commit 2a74cdbf4fd5 · 2025-08-05T19:07:13.000+05:30
- We get the output of 'ip(6)tables-save' and parse the contents to get the iptables rules.
 - When stderr is combined with stdout, the output of the command can be unexpected causing issues when parsing.
 - This commit disables the combination of stdout and stderr for this reason.
 - Setting 'failonfail' makes sure that any error returned by 'ip(6)tables-save' command is reported as failure to the user without attempting to parse its output.
diff --git a/lib/puppet/provider/firewall/firewall.rb b/lib/puppet/provider/firewall/firewall.rb
@@ -472,7 +472,7 @@ def self.get_rules(context, basic, protocols = ['IPv4', 'IPv6'])
     # For each protocol
     protocols.each do |protocol|
       # Retrieve String containing all information
-      iptables_list = Puppet::Provider.execute($list_command[protocol])
+      iptables_list = Puppet::Provider.execute('iptables-save', combine: false, failonfail: true)
       # Scan String to retrieve all Rules
       iptables_list.scan($table_regex).each do |table|
         table_name = table[0].scan($table_name_regex)[0][0]
