MODULES-2450

puppetlabs/firewall module bug when adding iptables rule for dport 5432


Details

    • Modules
    • 2
    • MODS 2015-09-02

    Description

      If I put in an iptables rule like this:
      iptables -A INPUT -p tcp --dport 5432 -j DROP
      I get:

      root@u918t6iekewz3yq:~# iptables -L
      Chain INPUT (policy ACCEPT)
      target     prot opt source               destination
      DROP       tcp  --  anywhere             anywhere             tcp dpt:postgresql
      

      and it only blocks the input to the postgres port as I expect.

      If I put it in what I thought should be equivalent:

      puppet apply -e 'firewall { "000 drop port 5432": proto => "tcp", dport => 5432, action => "drop" }'

      I get:

      root@u918t6iekewz3yq:~# iptables -L
      Chain INPUT (policy ACCEPT)
      target     prot opt source               destination
      DROP       tcp  --  anywhere             anywhere             multiport dports postgresql /* 000 drop port 5432 */
      

      which seems to block a whole bunch of other stuff, including ssh.
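
      Added example (not from the ticket and not code from the puppetlabs/firewall module): an offline checker that parses iptables rules in the numeric form printed by `iptables -S INPUT` or `iptables-save` and reports which destination ports each rule matches. `iptables -L` without `-n` resolves 5432 to `postgresql` via /etc/services, which is why the listings above show a service name; the numeric form is what this parser expects. The sample rule lines, the candidate port list and all function names are constructed for this example; the second sample line mirrors the `multiport dports` form that appears in the second listing.

```python
"""Offline check of which destination ports iptables rules match.

Added example, not from the ticket or the puppetlabs/firewall module.
Input is the numeric form printed by `iptables -S INPUT` or `iptables-save`.
"""
import shlex

# Constructed sample rules: a hand-typed `--dport` rule, the `-m multiport`
# form seen in the report's second listing, and a two-port multiport rule
# so the list parsing is exercised.
SAMPLE_RULES = """
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j DROP
-A INPUT -p tcp -m multiport --dports 5432 -m comment --comment "000 drop port 5432" -j DROP
-A INPUT -p tcp -m multiport --dports 5432,80 -m comment --comment "000 drop ports 5432 and 80" -j DROP
""".strip()

# Constructed list of ports to probe; 22 is the one the report worries about.
CANDIDATE_PORTS = (22, 80, 443, 5432)


def parse_port_spec(spec):
    """Turn '5432', '5432,80' or '6000:6010' into a list of (lo, hi) ranges."""
    ranges = []
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def parse_rules(text):
    """Parse -P/-A lines into chain policies and rule dicts.

    Only protocol, destination port(s) and target are interpreted; other
    match options are skipped, so a real rule set parses but is not fully
    modelled.
    """
    policies, rules = {}, []
    for line in text.splitlines():
        tokens = shlex.split(line)          # keeps the quoted --comment text intact
        if not tokens:
            continue
        if tokens[0] == "-P":
            policies[tokens[1]] = tokens[2]
            continue
        if tokens[0] != "-A":
            continue
        rule = {"chain": tokens[1], "proto": None, "dports": None, "target": None}
        i = 2
        while i < len(tokens):
            tok = tokens[i]
            if tok == "-p":
                rule["proto"] = tokens[i + 1]
                i += 2
            elif tok in ("--dport", "--dports"):
                rule["dports"] = parse_port_spec(tokens[i + 1])
                i += 2
            elif tok == "-j":
                rule["target"] = tokens[i + 1]
                i += 2
            elif tok in ("-m", "--comment"):
                i += 2                      # extension name or comment value
            else:
                i += 1
        rules.append(rule)
    return policies, rules


def rule_matches(rule, proto, dport):
    """True if a packet with this protocol and destination port hits the rule."""
    if rule["proto"] is not None and rule["proto"] != proto:
        return False
    if rule["dports"] is None:
        return True                         # no port match at all: any port
    return any(lo <= dport <= hi for lo, hi in rule["dports"])


def matched_ports(rule, proto, candidates=CANDIDATE_PORTS):
    """Which of the candidate ports a single rule would match."""
    return {p for p in candidates if rule_matches(rule, proto, p)}


def verdict(policies, rules, chain, proto, dport):
    """First matching rule with a terminating target wins, else the chain policy."""
    for rule in rules:
        if rule["chain"] == chain and rule_matches(rule, proto, dport):
            if rule["target"] in ("ACCEPT", "DROP", "REJECT"):
                return rule["target"]
    return policies.get(chain, "ACCEPT")


if __name__ == "__main__":
    policies, rules = parse_rules(SAMPLE_RULES)
    for rule in rules:
        print(rule["target"], "matches tcp ports", sorted(matched_ports(rule, "tcp")))
    print("tcp/22 in INPUT:", verdict(policies, rules, "INPUT", "tcp", 22))
```

      To use it on the affected host, feed the output of `iptables -S INPUT` to `parse_rules` and call `verdict` for tcp/22: it shows which rule, if any, is the one matching the SSH port, rather than inferring that from the resolved service names in `iptables -L`.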

      Attachments

        1. No_rules.png (87 kB)
        2. Port_5432_rule.png (88 kB)
        3. Ports_5432_80_rule.png (89 kB)

          People

            stefan.pijnappels Stefan Pijnappels
            erict Eric Thompson