  1. Modules
  2. MODULES-10707

puppetlabs-firewall : iptables: Directory not empty when purging filled firewallchain

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Template:
      MODULES Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version: 2.4.0
      Puppet Version: 6.15.0
      OS Name/Version: CentOS 7.8.203

      1. Create an iptables chain and fill it with one rule.
      2. Create a manifest that purges all unmanaged firewallchains except the internal ones.

      Desired Behavior:

      The unmanaged firewall is purged, although it has rules in it.

      Actual Behavior:

      Error: Execution of '/sbin/iptables -t filter -X TEST' returned 1: iptables: Directory not empty.
      Error: /Stage[main]/Main/Firewallchain[TEST:filter:IPv4]/ensure: change from 'present' to 'absent' failed: Execution of '/sbin/iptables -t filter -X TEST' returned 1: iptables: Directory not empty.

      Possible Solution:

      Flush chains before deleting:
      Change lib\puppet\provider\firewallchain\iptables_chain.rb

          debug "Deleting chain #{chain} on table #{table}"
          t.call ['-t', table, '-X', chain]

      to

          debug "Deleting chain #{chain} on table #{table}"
          t.call ['-t', table, '-F', chain]
          t.call ['-t', table, '-X', chain]

        Attachments

        1. create_test_chain.sh
          0.1 kB
        2. log.txt
          0.4 kB
        3. purge_firewallchains.pp
          0.5 kB

            People

            Assignee:
            Unassigned
            Reporter:
            sebastian.juschuss Sebastian Juschuss
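
Added example (not part of the original report and not the module's own code): a small in-memory model of one iptables table, constructed for illustration, that reproduces the reported error, runs the proposed flush-then-delete sequence, and covers a case the flush does not fix, where another chain still jumps to the chain being purged. `FakeTable`, `attempt`, `demo` and the two `delete_*` helpers are hypothetical names; the "Too many links" refusal for a referenced chain is standard `iptables -X` behaviour, modelled here.

```ruby
# Constructed in-memory model of one iptables table; not the module's code.
class FakeTable
  class ExecError < StandardError; end
  attr_reader :chains

  def initialize
    @chains = Hash.new { |h, k| h[k] = [] } # chain name => rule targets
  end

  # Takes the same argument arrays the provider passes to t.call.
  def call(args)
    _flag, _table, op, chain = args
    case op
    when '-F' then @chains[chain].clear
    when '-X'
      referenced = @chains.any? { |name, r| name != chain && r.include?(chain) }
      raise ExecError, 'iptables: Too many links.' if referenced
      raise ExecError, 'iptables: Directory not empty.' unless @chains[chain].empty?
      @chains.delete(chain)
    end
  end
end

def delete_without_flush(t, table, chain) # behaviour described in the report
  t.call ['-t', table, '-X', chain]
end

def delete_with_flush(t, table, chain) # sequence proposed in the report
  t.call ['-t', table, '-F', chain]
  t.call ['-t', table, '-X', chain]
end

def attempt
  yield
  'ok'
rescue FakeTable::ExecError => e
  e.message
end

def demo
  t = FakeTable.new
  t.chains['TEST'] << 'ACCEPT'
  first = attempt { delete_without_flush(t, 'filter', 'TEST') }
  second = attempt { delete_with_flush(t, 'filter', 'TEST') }
  t.chains['TEST'] << 'ACCEPT'
  t.chains['INPUT'] << 'TEST' # another chain now jumps to TEST
  third = attempt { delete_with_flush(t, 'filter', 'TEST') }
  [first, second, third, t.chains['TEST']]
end
```

In the third case the flush has already run by the time `-X` is refused, so the chain stays in place but empty while `INPUT` still jumps to it.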