From 8a89465e964f64f3226c8efb0b0e48d555790fda Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Tue, 21 Nov 2023 09:01:48 -0500
Subject: [PATCH] [SECVULN-1533] chore: Clarify iptables Provider interface
 docs (#19704)

chore: Clarify iptables Provider interface docs

Add docs clarifying constraints on use and return values.
---
 sdk/iptables/iptables.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sdk/iptables/iptables.go b/sdk/iptables/iptables.go
index 32f089a6c9..ad81946551 100644
--- a/sdk/iptables/iptables.go
+++ b/sdk/iptables/iptables.go
@@ -78,8 +78,11 @@ type Provider interface {
 	// ApplyRules executes rules that have been added via AddRule.
 	// This operation is currently not atomic, and if there's an error applying rules,
 	// you may be left in a state where partial rules were applied.
+	// ApplyRules should not be called twice on the same instance in order to avoid
+	// duplicate rule application.
 	ApplyRules() error
-	// Rules returns the list of rules that have been added but not applied yet.
+	// Rules returns the list of rules that have been added (including those not yet
+	// applied).
 	Rules() []string
 }