Affects Version/s: None
Fix Version/s: None
CentOS 7.7, Puppet 5.x or 6.x
Method Found: Needs Assessment
QA Risk Assessment: Needs Assessment
Module Version: 2.3.0
Puppet Version: 5.5.x
OS Name/Version: CentOS 7.7
Describe your issue in as much detail as possible...
I want to be able to configure the "INPUT" chain in the "nat" table, but the module specifically disabled that.
Please take a moment and attach any relevant log output and/or manifests. This will help us immensely when troubleshooting the issue.
This was discussed in Slack chat in the puppet-modules channel.
"@Greg" noted that:
IMO you’ve got two bugs. (1) https://git.netfilter.org/iptables/commit/?id=890fd9ef76ad0c11695fb0d09a88169e6e46584f - the code for iptables has been out of sync with its man page since about here. And then (2) around input being denied by the puppet firewall provider when it’s an otherwise valid option. But that it’s such an undocumented/rare use case, you might have to tackle 1 before anyone will believe 2.
While I wouldn't necessarily recommend creating a "potentially confusing" chain name, you can create chains (to "jump" to). So even if #1 is the case, restricting the names in Puppet seems inappropriate.