MODULES-10596

puppetlabs-firewall : support TTL target


    Details

    • Type: Improvement
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Template:
    • QA Risk Assessment:
      Needs Assessment

      Description

      Attempts to manage the TTL target on CentOS 7 with the module fail:

      Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (4) and values (6) count mismatch on line: -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j TTL --ttl-inc 1
      

      From man iptables-extensions:

         TTL (IPv4-specific)
             This is used to modify the IPv4 TTL header field.  The TTL field determines how many hops (routers) a packet can traverse until it's time to live is exceeded.
       
             Setting or incrementing the TTL field can potentially be very dangerous, so it should be avoided at any cost. This target is only valid in mangle table.
       
             Don't ever set or increment the value on packets that leave your local network!
       
             --ttl-set value
                    Set the TTL value to `value'.
       
             --ttl-dec value
                    Decrement the TTL value `value' times.
       
             --ttl-inc value
                    Increment the TTL value `value' times.
       
      
      

      Please consider adding a way to add this rule.
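
Until the module can parse such rules, TTL rules kept outside Puppet can still be checked against the man page constraints quoted above. The following is an added example, not code from this issue or from puppetlabs-firewall: `audit_ttl_rules` is a hypothetical helper, the rules are a constructed sample in `iptables-save` format, and treating `-o` as "leaves the local network" is a review heuristic only.

```ruby
require 'shellwords'

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE = <<~RULES
  *mangle
  -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j TTL --ttl-inc 1
  -A PREROUTING -i eth0 -j TTL --ttl-dec 1
  COMMIT
  *nat
  -A POSTROUTING -o eth1 -j TTL --ttl-set 64
  -A POSTROUTING -o eth1 -j MASQUERADE
  COMMIT
RULES

TTL_OPTS = %w[--ttl-set --ttl-dec --ttl-inc].freeze

# Returns one hash per "-j TTL" rule, with the issues found for that rule.
def audit_ttl_rules(save_output)
  table = nil
  findings = []
  save_output.each_line do |raw|
    line = raw.strip
    if line.start_with?('*')       # "*mangle", "*nat", ... opens a table section
      table = line[1..-1]
      next
    end
    next unless line.start_with?('-A ')
    args = Shellwords.split(line)
    j = args.index('-j') || args.index('--jump')
    next unless j && args[j + 1] == 'TTL'
    opt = args.find { |a| TTL_OPTS.include?(a) }
    value = opt && args[args.index(opt) + 1]
    issues = []
    issues << "TTL target outside mangle table (#{table})" unless table == 'mangle'
    issues << 'no --ttl-set/--ttl-dec/--ttl-inc option' unless opt
    issues << "non-numeric value #{value.inspect}" if opt && value.to_s !~ /\A\d+\z/
    # Heuristic for the man page warning about packets leaving the local network.
    if %w[--ttl-set --ttl-inc].include?(opt) && args.include?('-o')
      issues << "review: #{opt} on outbound interface #{args[args.index('-o') + 1]}"
    end
    findings << { table: table, chain: args[1], option: opt, value: value, issues: issues }
  end
  findings
end

audit_ttl_rules(SAMPLE).each { |f| puts f } if $PROGRAM_NAME == __FILE__
```
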

            People

            Assignee:
            Unassigned
            Reporter:
            vchepkov Vadym Chepkov