Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-1303

EL7 chain issues

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall, supported
    • Labels:
    • Template:
    • Epic Link:
    • Team:
      Modules

      Description

      ==> ls: Notice: Compiled catalog for rndlogstash1.vm.local in environment production in 5.87 seconds
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9005 eb9720fbe6b5efd7c4a39f4a1d84ee8c]/ensure: removed
      ==> ls: Warning: Firewall[9005 eb9720fbe6b5efd7c4a39f4a1d84ee8c](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9021 0ed6bb4b0133a993a36320cde0c11e2d]/ensure: removed
      ==> ls: Warning: Firewall[9021 0ed6bb4b0133a993a36320cde0c11e2d](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9006 a33f09749a5b189973e7cc425528b978]/ensure: removed
      ==> ls: Warning: Firewall[9006 a33f09749a5b189973e7cc425528b978](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9014 69d6208bb1e040713b9b291359c7012f]/ensure: removed
      ==> ls: Warning: Firewall[9014 69d6208bb1e040713b9b291359c7012f](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9015 4e025e5e9b20a747066c26885873ef1f]/ensure: removed
      ==> ls: Warning: Firewall[9015 4e025e5e9b20a747066c26885873ef1f](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9020 d617ff61128c8c47c088def2e8922b1f]/ensure: removed
      ==> ls: Warning: Firewall[9020 d617ff61128c8c47c088def2e8922b1f](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9018 beb89af4715d6dd20cacd95ba223a0a3]/ensure: removed
      ==> ls: Warning: Firewall[9018 beb89af4715d6dd20cacd95ba223a0a3](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9002 476b48107d288d1537c5276a794f970b]/ensure: removed
      ==> ls: Warning: Firewall[9002 476b48107d288d1537c5276a794f970b](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9007 62d1ab13e33ca508e42463ca58d129a0]/ensure: removed
      ==> ls: Warning: Firewall[9007 62d1ab13e33ca508e42463ca58d129a0](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9024 ec76fa0495ae5b766083b73708eeb55f]/ensure: removed
      ==> ls: Warning: Firewall[9024 ec76fa0495ae5b766083b73708eeb55f](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9001 ae948c9bfdf348c5e2dd3755d04cb412]/ensure: removed
      ==> ls: Warning: Firewall[9001 ae948c9bfdf348c5e2dd3755d04cb412](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9011 a33f09749a5b189973e7cc425528b978]/ensure: removed
      ==> ls: Warning: Firewall[9011 a33f09749a5b189973e7cc425528b978](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9019 a0aea61685e9e2161a34e72dd57550fd]/ensure: removed
      ==> ls: Warning: Firewall[9019 a0aea61685e9e2161a34e72dd57550fd](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9016 e1b544340944f6f30f87be608b46f2ea]/ensure: removed
      ==> ls: Warning: Firewall[9016 e1b544340944f6f30f87be608b46f2ea](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9004 1336a5b3f19136cb5eeda0361c00f680]/ensure: removed
      ==> ls: Warning: Firewall[9004 1336a5b3f19136cb5eeda0361c00f680](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9008 7aa5ae71ba1a7c154c8845dcbdeeb1a9]/ensure: removed
      ==> ls: Warning: Firewall[9008 7aa5ae71ba1a7c154c8845dcbdeeb1a9](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9022 42821a31e806fe896d689c6e1d95e202]/ensure: removed
      ==> ls: Warning: Firewall[9022 42821a31e806fe896d689c6e1d95e202](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9003 cbefb66be256dd9ca18a37aaceff3a38]/ensure: removed
      ==> ls: Warning: Firewall[9003 cbefb66be256dd9ca18a37aaceff3a38](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9009 0ccc6deff574f424079ec7eb56bcc777]/ensure: removed
      ==> ls: Warning: Firewall[9009 0ccc6deff574f424079ec7eb56bcc777](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw::Pre/Firewall[000 accept all icmp]/ensure: created
      ==> ls: Warning: Firewall[000 accept all icmp](provider=iptables): Unable to persist firewall rules: Execution of '/usr/libexec/iptables/iptables.init save' returned 1:
      ==> ls: Notice: /Stage[main]/Firewall::Linux::Redhat/Package[firewalld]/ensure: removed
      ==> ls: Notice: /Stage[main]/Firewall::Linux::Redhat/Package[iptables-services]/ensure: created
      ==> ls: Notice: /Stage[main]/Firewall::Linux::Redhat/Service[iptables]/ensure: ensure changed 'stopped' to 'running'
      ==> ls: Notice: /Stage[main]/Site::Ap_fw::Pre/Firewallchain[LOGGING:filter:IPv4]/ensure: created
      ==> ls: Notice: /Stage[main]/Site::Ap_fw::Pre/Firewall[903 logging]/ensure: created
      ==> ls: Error: Execution of '/sbin/iptables -t raw -D OUTPUT -j OUTPUT_direct' returned 2: iptables v1.4.21: Couldn't load target `OUTPUT_direct':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9012 7aa5ae71ba1a7c154c8845dcbdeeb1a9]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t raw -D OUTPUT -j OUTPUT_direct' returned 2: iptables v1.4.21: Couldn't load target `OUTPUT_direct':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9012 7aa5ae71ba1a7c154c8845dcbdeeb1a9]/proto: proto changed 'all' to 'tcp'
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9012 7aa5ae71ba1a7c154c8845dcbdeeb1a9]/table: table changed 'raw' to 'filter'
      ==> ls: Notice: Firewall[9012 7aa5ae71ba1a7c154c8845dcbdeeb1a9](provider=iptables): Properties changed - updating rule
      ==> ls: Error: Execution of '/sbin/iptables -t raw -D OUTPUT -j OUTPUT_direct' returned 2: iptables v1.4.21: Couldn't load target `OUTPUT_direct':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9012 7aa5ae71ba1a7c154c8845dcbdeeb1a9]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t raw -D OUTPUT -j OUTPUT_direct' returned 2: iptables v1.4.21: Couldn't load target `OUTPUT_direct':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: Modifying the chain for existing rules is not supported.
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9012 7aa5ae71ba1a7c154c8845dcbdeeb1a9]/chain: change from OUTPUT to INPUT failed: Modifying the chain for existing rules is not supported.
      ==> ls: Error: /Firewall[9012 7aa5ae71ba1a7c154c8845dcbdeeb1a9]: Could not evaluate: undefined method `+' for nil:NilClass
      ==> ls: Notice: /Stage[main]/Site::Ap_fw::Pre/Firewall[001 accept all to lo interface]/ensure: created
      ==> ls: Notice: /Stage[main]/Site::Ap_fw::Pre/Firewall[002 accept related established rules]/ensure: created
      ==> ls: Notice: /Stage[main]/Site::Ap_fw::Pre/Firewall[003 allow ssh access]/ensure: created
      ==> ls: Notice: /Stage[main]/Site::Ap_fw::Pre/Firewall[901 send input to log]/ensure: created
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[200 logstash tcp]/ensure: created
      ==> ls: Notice: /Stage[main]/Site::Ap_fw::Post/Firewall[999 drop all]/ensure: created
      ==> ls: Notice: /Stage[main]/Site::Ap_fw::Post/Firewall[999 forward reject all]/ensure: created
      ==> ls: Notice: /Stage[main]/Snmp/File[snmptrapd.conf]/content: content changed '{md5}913e2613413a45daa402d0fbdbaba676' to '{md5}1c36cde15008b625736c31d1e4589599'
      ==> ls: Notice: /Stage[main]/Snmp/File[snmptrapd.conf]/mode: mode changed '0600' to '0644'
      ==> ls: Error: Execution of '/sbin/iptables -t mangle -D PRE_public -j PRE_public_log' returned 2: iptables v1.4.21: Couldn't load target `PRE_public_log':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9010 ba38a42664b981047852dcf0e8ab2b90]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t mangle -D PRE_public -j PRE_public_log' returned 2: iptables v1.4.21: Couldn't load target `PRE_public_log':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9010 ba38a42664b981047852dcf0e8ab2b90]/proto: proto changed 'all' to 'tcp'
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9010 ba38a42664b981047852dcf0e8ab2b90]/table: table changed 'mangle' to 'filter'
      ==> ls: Notice: Firewall[9010 ba38a42664b981047852dcf0e8ab2b90](provider=iptables): Properties changed - updating rule
      ==> ls: Error: Execution of '/sbin/iptables -t mangle -D PRE_public -j PRE_public_log' returned 2: iptables v1.4.21: Couldn't load target `PRE_public_log':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9010 ba38a42664b981047852dcf0e8ab2b90]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t mangle -D PRE_public -j PRE_public_log' returned 2: iptables v1.4.21: Couldn't load target `PRE_public_log':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: Modifying the chain for existing rules is not supported.
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9010 ba38a42664b981047852dcf0e8ab2b90]/chain: change from PRE_public to INPUT failed: Modifying the chain for existing rules is not supported.
      ==> ls: Error: /Firewall[9010 ba38a42664b981047852dcf0e8ab2b90]: Could not evaluate: undefined method `+' for nil:NilClass
      ==> ls: Error: Execution of '/sbin/iptables -t filter -D FORWARD_IN_ZONES -i enp0s8 -g FWDI_public' returned 2: iptables v1.4.21: goto 'FWDI_public' is not a chain
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9017 434a6a3f4270e81b09493442063c0588]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t filter -D FORWARD_IN_ZONES -i enp0s8 -g FWDI_public' returned 2: iptables v1.4.21: goto 'FWDI_public' is not a chain
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9017 434a6a3f4270e81b09493442063c0588]/proto: proto changed 'all' to 'tcp'
      ==> ls: Notice: Firewall[9017 434a6a3f4270e81b09493442063c0588](provider=iptables): Properties changed - updating rule
      ==> ls: Error: Execution of '/sbin/iptables -t filter -D FORWARD_IN_ZONES -i enp0s8 -g FWDI_public' returned 2: iptables v1.4.21: goto 'FWDI_public' is not a chain
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9017 434a6a3f4270e81b09493442063c0588]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t filter -D FORWARD_IN_ZONES -i enp0s8 -g FWDI_public' returned 2: iptables v1.4.21: goto 'FWDI_public' is not a chain
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: Modifying the chain for existing rules is not supported.
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9017 434a6a3f4270e81b09493442063c0588]/chain: change from -g to INPUT failed: Modifying the chain for existing rules is not supported.
      ==> ls: Error: /Firewall[9017 434a6a3f4270e81b09493442063c0588]: Could not evaluate: undefined method `+' for nil:NilClass
      ==> ls: Notice: /Stage[main]/Site::Base/Firewall[300 SNMP]/ensure: created
      ==> ls: Error: Execution of '/sbin/iptables -t filter -D INPUT -j INPUT_ZONES' returned 2: iptables v1.4.21: Couldn't load target `INPUT_ZONES':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9013 4bef790222254ae23e8238fc6d522e6d]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t filter -D INPUT -j INPUT_ZONES' returned 2: iptables v1.4.21: Couldn't load target `INPUT_ZONES':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9013 4bef790222254ae23e8238fc6d522e6d]/proto: proto changed 'all' to 'tcp'
      ==> ls: Notice: Firewall[9013 4bef790222254ae23e8238fc6d522e6d](provider=iptables): Properties changed - updating rule
      ==> ls: Error: Execution of '/sbin/iptables -t filter -D INPUT -j INPUT_ZONES' returned 2: iptables v1.4.21: Couldn't load target `INPUT_ZONES':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9013 4bef790222254ae23e8238fc6d522e6d]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t filter -D INPUT -j INPUT_ZONES' returned 2: iptables v1.4.21: Couldn't load target `INPUT_ZONES':No such file or directory
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Firewall[9013 4bef790222254ae23e8238fc6d522e6d]: Could not evaluate: undefined method `+' for nil:NilClass
      ==> ls: Error: Execution of '/sbin/iptables -t filter -D INPUT_ZONES -g IN_public' returned 2: iptables v1.4.21: goto 'IN_public' is not a chain
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9023 4ff120b6ef4e1aab4e07afa8f1b50b6e]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t filter -D INPUT_ZONES -g IN_public' returned 2: iptables v1.4.21: goto 'IN_public' is not a chain
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Notice: /Stage[main]/Site::Ap_fw/Firewall[9023 4ff120b6ef4e1aab4e07afa8f1b50b6e]/proto: proto changed 'all' to 'tcp'
      ==> ls: Notice: Firewall[9023 4ff120b6ef4e1aab4e07afa8f1b50b6e](provider=iptables): Properties changed - updating rule
      ==> ls: Error: Execution of '/sbin/iptables -t filter -D INPUT_ZONES -g IN_public' returned 2: iptables v1.4.21: goto 'IN_public' is not a chain
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9023 4ff120b6ef4e1aab4e07afa8f1b50b6e]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t filter -D INPUT_ZONES -g IN_public' returned 2: iptables v1.4.21: goto 'IN_public' is not a chain
      ==> ls:
      ==> ls: Try `iptables -h' or 'iptables --help' for more information.
      ==> ls:
      ==> ls: Error: Modifying the chain for existing rules is not supported.
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9023 4ff120b6ef4e1aab4e07afa8f1b50b6e]/chain: change from IN_public to INPUT failed: Modifying the chain for existing rules is not supported.
      ==> ls: Error: /Firewall[9023 4ff120b6ef4e1aab4e07afa8f1b50b6e]: Could not evaluate: undefined method `+' for nil:NilClass
      ==> ls: Error: Execution of '/sbin/iptables -t filter -D IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT' returned 1: iptables: Bad rule (does a matching rule exist in that chain?).
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9025 8fce0a4c50bd8e5df808d83cfc6419e9]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t filter -D IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT' returned 1: iptables: Bad rule (does a matching rule exist in that chain?).
      ==> ls:
      ==> ls: Error: Execution of '/sbin/iptables -t filter -D IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT' returned 1: iptables: Bad rule (does a matching rule exist in that chain?).
      ==> ls:
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9025 8fce0a4c50bd8e5df808d83cfc6419e9]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t filter -D IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT' returned 1: iptables: Bad rule (does a matching rule exist in that chain?).
      ==> ls:
      ==> ls: Error: Modifying the chain for existing rules is not supported.
      ==> ls: Error: /Stage[main]/Site::Ap_fw/Firewall[9025 8fce0a4c50bd8e5df808d83cfc6419e9]/chain: change from IN_public_allow to INPUT failed: Modifying the chain for existing rules is not supported.
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              hunter Hunter (Hunner) Haugen
              Reporter:
              cdenneen Chris Denneen
              Votes:
              8 Vote for this issue
              Watchers:
              14 Start watching this issue

                Dates

                Created:
                Updated:

                  Zendesk Support