MODULES-10835

{puppetlabs/firewall} : {2.4.0 throws errors about /sbin/ip6tables when IPv6 is disabled on the host}

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Environment:
      • Ubuntu 18.04.5 LTS
      • Puppet agent version 5.5 or 5.4
      • Foreman 1.24.3
    • Template:
      MODULES Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version: puppetlabs/firewall 2.4.0
      Puppet Version: 5.5.21 & 5.4.0
      OS Name/Version: Ubuntu 18.04.5 LTS

      Puppetlabs/firewall is generating errors about `/sbin/ip6tables-save` even though IPv6 is not activated anywhere in the host manifests. IPv6 is disabled on the host.

      Desired Behavior:

      I should be able to use puppetlabs/firewall on a system that doesn't have IPv6 without it trying to trigger `/sbin/ip6tables-save`

      Actual Behavior:

      IPv6 on this host is disabled:

      root@docker1:~# ls /proc/net/if_inet6
      ls: cannot access '/proc/net/if_inet6': No such file or directory

      root@docker1:~# facter --puppet |grep -i ipv6
            EnableIPv6 => false,
            EnableIPv6 => false,
                IPv6Address => ""
                IPv6Address => ""
                IPv6Address => ""
                IPv6Address => ""
                IPv6Address => ""
                IPv6Address => ""
                IPv6Address => ""
            EnableIPv6 => false,
                IPv6Address => ""
      root@docker1:~# ip a |grep -i inet6
      root@docker1:~#

      But Puppet still tries to activate an IPv6 tool:

      root@docker1:~# puppet agent --test
      ...
      Error: /Stage[main]/Profile::Docker::Firewall/Firewallchain[FORWARD:filter:IPv4]: Failed to generate additional resources using 'generate': Execution of '/sbin/ip6tables-save' returned 1: ip6tables-save v1.6.1: Cannot initialize: Address family not supported by protocol

      At the very least, can someone direct me to the code that triggers the use of `ip6tables-save`?

       

      People

      Assignee: Unassigned
      Reporter: Stefan Lasiewski (stefanlasiewski)