Modules / MODULES-2450

puppetlabs/firewall module bug when adding iptable rule for dport 5432

    Details

    • Team:
      Modules
    • Story Points:
      2
    • Sprint:
      MODS 2015-09-02

      Description

      If I put in an iptables rule like this:
      iptables -A INPUT -p tcp --dport 5432 -j DROP
      I get:

      root@u918t6iekewz3yq:~# iptables -L
      Chain INPUT (policy ACCEPT)
      target     prot opt source               destination
      DROP       tcp  --  anywhere             anywhere             tcp dpt:postgresql
      

      and it only blocks the input to the postgres port, as I expect.

      If I put in what I thought should be equivalent:
      puppet apply -e 'firewall { "000 drop port 5432": proto => "tcp", dport => 5432, action => "drop" }'
      I get:

      root@u918t6iekewz3yq:~# iptables -L
      Chain INPUT (policy ACCEPT)
      target     prot opt source               destination
      DROP       tcp  --  anywhere             anywhere             multiport dports postgresql /* 000 drop port 5432 */
      

      which seems to block a whole bunch of other stuff, including ssh


            People

            • Assignee:
              stefan.pijnappels Stefan Pijnappels
              Reporter:
              erict Eric Thompson
