From efdecad74ac18d93b62a6f9ba3792904bb976b3b Mon Sep 17 00:00:00 2001
From: Eric Garver
Date: Fri, 17 Aug 2018 13:26:18 -0400
Subject: [PATCH 2/2] fw: If direct rules fail to apply add a "Direct" label to error msg
Since they're free form it's easy to write a bad rule. This will at least let user know where to look.
(cherry picked from commit db2d72e32579d14b5f03c6f06a9e6f38b00717cd)
---
 src/firewall/core/fw.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index 9079f1bbc6a4..21f5fc680c10 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -440,9 +440,15 @@ class Firewall(object):
 log.debug1("Applying direct chains rules and passthrough rules")
 self.direct.apply_direct(transaction)
- # Execute transaction
- transaction.execute(True)
- transaction.clear()
+ # since direct rules are easy to make syntax errors lets highlight
+ # the cause if the transaction fails.
+ try:
+ transaction.execute(True)
+ transaction.clear()
+ except FirewallError as e:
+ raise FirewallError(e.code, "Direct: %s" % (e.msg if e.msg else ""))
+ except Exception:
+ raise
 del transaction
-- 
2.18.0
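Review bot: The trailing `except Exception: raise` in the new `try` is a no-op, because any other exception propagates the same way without it, so the clause can be dropped. `transaction.clear()` also sits inside the `try`, so a FirewallError raised while clearing would be relabelled "Direct:" too; moving it into an `else:` branch keeps the label tied to `transaction.execute(True)`. The label is only accurate if the transaction holds nothing but direct rules at this point, which cannot be confirmed here because the enclosing method starts and ends outside the hunk. If that holds, a short comment such as `# transaction contains only direct rules here` would record the assumption.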