Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-10631

puppetlabs/firewall : nftables service not disabled on RHEL 8

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Environment:

      Module Version: puppetlabs/firewall  2a569afd70b82933b971864fcc1e174888ef3d81
      Puppet Version: puppet-agent-5.5.19
      OS Name/Version: CentOS 8.x

    • Template:
      MODULES Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Problem

      When running:

      yum reinstall nftables

      all ip(6)tables rules are flushed (of course, that also happens during system updates).

      Alternatively:

      systemctl restart nftables

      also does that. A fix is to restart the ip(6)tables services afterwards or wait for another Puppet run.

       

      Solution

      Disabling the nftables service prevents this issue, also during reinstalls of the package (since that ensures the service is not restarted).

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            olifre Oliver Freyermuth
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:

                Zendesk Support