Modules / MODULES-1552

puppetlabs-firewall fails with error "Invalid address from IPAddr.new: -m"

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Environment:

      CentOS 6.5 x86_64
      Puppet 3.7.2
      puppetlabs-firewall 1.2.0

    • Story Points: 1
    • Sprint: MODS 2015-01-07

      Description

      Using puppetlabs-firewall v1.2.0 on a CentOS 6.5 server with Puppet 3.7.2, I get the following types of errors when the module tries to execute:

      Error: /Firewallchain[OUTPUT:filter:IPv4]: Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: -m
      Error: /Firewallchain[INPUT:filter:IPv4]: Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: -m
      Error: /Firewallchain[FORWARD:filter:IPv4]: Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: -m
      Error: Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: -m
      Error: /Firewall[002 accept related/established traffic]: Could not evaluate: Invalid address from IPAddr.new: -m
      Error: /Firewall[000 accept icmp echo-request]: Could not evaluate: Invalid address from IPAddr.new: -m
      Error: /Firewall[001 accept loopback traffic]: Could not evaluate: Invalid address from IPAddr.new: -m

      After adding additional debug logging to the iptables firewall provider module, I can see that the module fails when processing this line:

      Debug: Line 217: '-A EU_mcYdNq79OwCQNZyoPhVnww== -s 10.0.0.0/8 -p udp -m udp -j ACCEPT '
      Error: /Firewallchain[OUTPUT:filter:IPv4]: Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: -m

      Changing the rule in question to contain a port range, for example like this, is enough to fix the issue and allow the module to work without any problems:

      -A EU_mcYdNq79OwCQNZyoPhVnww== -s 10.0.0.0/8 -p udp -m udp --dport 1:65535 -j ACCEPT

              People

              • Assignee: morgan Morgan Rhodes
              • Reporter: jmuuriai Jani Muuriaisniemi
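
A check for rules shaped like the one in this report, as an added example that is not part of the original ticket or of puppetlabs-firewall: it scans `iptables-save` output for a `-m tcp` or `-m udp` match that carries none of that module's options. It assumes the trigger is exactly the pattern the reporter describes; the function name, the option list and the sample ruleset (apart from the two rules quoted in the report) are constructed for illustration.

```ruby
require 'shellwords'

# Match modules that iptables loads for "-p tcp" / "-p udp".
PROTO_MODULES = %w[tcp udp].freeze
# Options those two modules accept (iptables-extensions man page).
MODULE_OPTS = %w[--sport --source-port --dport --destination-port
                 --tcp-flags --syn --tcp-option].freeze
# Tokens that end one module's option list in iptables-save output.
BOUNDARY = %w[-m -j -g].freeze

# Returns [line_number, chain, module] for every "-m tcp"/"-m udp"
# that is followed by none of the module's own options.
def bare_proto_matches(ruleset)
  findings = []
  ruleset.each_line.with_index(1) do |line, lineno|
    next unless line.start_with?('-A ')
    tokens = line.shellsplit # keeps a quoted --comment value as one token
    tokens.each_with_index do |tok, i|
      mod = tokens[i + 1]
      next unless tok == '-m' && PROTO_MODULES.include?(mod)
      opts = tokens.drop(i + 2).take_while { |t| !BOUNDARY.include?(t) }
      findings << [lineno, tokens[1], mod] if (opts & MODULE_OPTS).empty?
    end
  end
  findings
end

# Constructed sample; lines 4 and 5 are the two rules quoted in the report.
SAMPLE = <<~'RULES'
  *filter
  :INPUT ACCEPT [0:0]
  -A INPUT -p udp -m udp --dport 53 -j ACCEPT
  -A EU_mcYdNq79OwCQNZyoPhVnww== -s 10.0.0.0/8 -p udp -m udp -j ACCEPT
  -A EU_mcYdNq79OwCQNZyoPhVnww== -s 10.0.0.0/8 -p udp -m udp --dport 1:65535 -j ACCEPT
  -A INPUT -p tcp -m tcp -m comment --comment "-m udp note" -j ACCEPT
  COMMIT
RULES

if __FILE__ == $PROGRAM_NAME
  bare_proto_matches(SAMPLE).each do |lineno, chain, mod|
    puts "line #{lineno}: chain #{chain} has '-m #{mod}' with no module option"
  end
end
```

Run against a saved ruleset, it lists the rules to review before applying the module on a host with the affected version.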