Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-10657

firewall : log_prefix max length 29 characters

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Environment:

      EL7

    • Template:
      MODULES Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version: 2.3.0
      Puppet Version: 6.x
      OS Name/Version: CentOS 7.7

      Describe your issue in as much detail as possible...

      The puppetlabs-firewall module takes a parameter `log_prefix` with dynamic rules like `FIREWALL-NAT-${chain}-${action}` and the PREROUTING and POSTROUTING tables were continually applying due to the limitation of 29 characters.

      Desired Behavior:

      Puppet should not accept a parameter that will not be accepted by the OS because it tries to continually apply the rule. If it is going to accept the option, perhaps it should truncate the same as the OS?

      Actual Behavior:

      It keeps re-applying:

      ```
      Notice: /Stage[main]/Profile::Linux::Firewall::Nat/Firewall[990 [NAT] LOG PREROUTING]/log_prefix: log_prefix changed 'FIREWALL-NAT-PREROUTING-accep' to 'FIREWALL-NAT-PREROUTING-accept:'
      Notice: Firewall[990 [NAT] LOG PREROUTING](provider=iptables): Properties changed - updating rule
      Notice: /Stage[main]/Profile::Linux::Firewall::Nat/Firewall[990 [NAT] LOG POSTROUTING]/log_prefix: log_prefix changed 'FIREWALL-NAT-POSTROUTING-acce' to 'FIREWALL-NAT-POSTROUTING-accept:'
      Notice: Firewall[990 [NAT] LOG POSTROUTING](provider=iptables): Properties changed - updating rule
      Notice: /Stage[main]/Firewall::Linux::Redhat/File[/etc/sysconfig/iptables]/seluser: seluser changed 'unconfined_u' to 'system_u'
      ```

      Please take a moment and attach any relevant log output and/or manifests. This will help us immensely when troubleshooting the issue.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            TommyTheKid Tommy McNeely
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Zendesk Support