Make mode options for '-m recent' parse correctly

Options setting the mode of operation for the 'recent' match extension
no longer parse from existing rule definitions with their long-option
double-dashes still included.  Note that these options are meant to be
bang-invertible, but this module does not support that use case (and
currently will explode if it encounters any such rule).

Author: greatflyingsteve

lib/puppet/provider/firewall/iptables.rb

@@ -585,6 +585,10 @@ def self.rule_to_hash(line, table, counter)
     rpfilter_opts = values.scan(%r{-m\srpfilter(?:\s--(loose)|\s--(validmark)|\s--(accept-local)|\s--(invert))+}).flatten.compact
     values.sub!(%r{-m\srpfilter(?:\s--(?:loose|validmark|accept-local|invert))+}, "-m rpfilter #{rpfilter_opts.join(',')}")
 
+    # For recent matching, the 'recent' param takes the name of the long opt that should follow '-m recent',
+    # which otherwise gets parsed out with the double-dashes for the long opt still present
+    values.gsub!(%r{#{@resource_map[:recent]}\s--(set|rcheck|update|remove)}, "#{@resource_map[:recent]} \\1")
+
     # on some iptables versions, --connlimit-saddr switch is added after the rule is applied
     values = values.gsub(%r{--connlimit-saddr}, '')