From 8bb8274841716bba594c6455e5b8ab6077d6fa75 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Wed, 17 Dec 2014 01:19:45 +0000
Subject: [PATCH] Correct iptables log option order

* modules/openstack_project/manifests/single_use_slave.pp: The
--log-prefix option must come after -j LOG to be parsed
successfully.

Change-Id: Ibd706ec267f3d684e8d2ac6141aa839589fe38bd
---
 modules/openstack_project/manifests/single_use_slave.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/openstack_project/manifests/single_use_slave.pp b/modules/openstack_project/manifests/single_use_slave.pp
index abc97255f0..6e70691bd6 100644
--- a/modules/openstack_project/manifests/single_use_slave.pp
+++ b/modules/openstack_project/manifests/single_use_slave.pp
@@ -37,7 +37,7 @@ class openstack_project::single_use_slave (
         '-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT',
         '-p tcp --dport 8003 -s 172.24.4.0/24 -j ACCEPT',
         '-p tcp --dport 8004 -s 172.24.4.0/24 -j ACCEPT',
-        '-m limit --limit 2/min --log-prefix "iptables dropped: " -j LOG',
+        '-m limit --limit 2/min -j LOG --log-prefix "iptables dropped: "',
       ],
   }
   class { 'jenkins::slave':