MODULES-3514

Firewallchain doesn't purge fw rules introduced during run

    Details

    • Type: Bug
    • Status: Ready for Engineering
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Environment: CentOS 7, Puppet 3.6
    • Acceptance Criteria:
      • The change does not affect the normal operation of the module
      • Adding a rule with an exec can get purged on the same run
    • Team: Modules
    • Story Points: 1
    • Sprint: Modules Triage

      Description

      The puppetlabs-firewall module has a resource called firewallchain, which is able to purge existing rules found in that chain while preserving the ones declared in the catalog/manifests. The list of rules to purge is, however, only created once per chain before the catalog run is started (using the 'generate' function of the firewallchain type). If new rules are introduced during the run (like starting up the iptables service does), these new rules will not be purged.

      The fix would be to use 'eval_generate' instead of 'generate' for the firewallchain type. This way the moment of determining the existing rules to purge is directly dependent on the ordering of the firewallchain resource with respect to other resources.
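
The timing difference described in the issue, as an added Ruby sketch that is not part of the original report and is not puppetlabs-firewall or Puppet code: it models one chain's live rules as an array and compares a purge list computed before the run (as with `generate`) to one computed when the chain resource is evaluated (as with `eval_generate`). The rule names, `run_catalog`, and the resource ordering are constructed for illustration.

```ruby
# Simplified model of a catalog run (constructed; not Puppet internals).
# `kernel` stands in for the live iptables rules of a single chain.

# Rules declared in the manifest (constructed sample).
DECLARED = ['100 allow ssh'].freeze

# Rules present in the chain that the catalog does not declare.
def unmanaged(kernel)
  kernel - DECLARED
end

# mode  :generate      -> purge list is computed once, before any resource runs
#       :eval_generate -> purge list is computed when the chain is evaluated
# order  sequence in which the resources are applied during the run
def run_catalog(mode, order)
  # Constructed starting state: one declared rule, one stale manual rule.
  kernel = ['100 allow ssh', '050 stale manual rule']

  purge_list = unmanaged(kernel) if mode == :generate

  order.each do |resource|
    case resource
    when :service
      # Stand-in for a resource that adds rules as a side effect,
      # such as starting the iptables service.
      kernel << '999 service default rule'
    when :firewallchain
      purge_list = unmanaged(kernel) if mode == :eval_generate
      purge_list.each { |rule| kernel.delete(rule) }
    end
  end

  kernel
end

if __FILE__ == $PROGRAM_NAME
  order = [:service, :firewallchain]
  puts "generate:      #{run_catalog(:generate, order).inspect}"
  puts "eval_generate: #{run_catalog(:eval_generate, order).inspect}"
end
```

With the pre-run snapshot, the rule added by the service survives the purge and stays active outside the catalog's control. With evaluation-time discovery it is removed only if the chain resource is ordered after the resource that introduced it.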

            People

            Assignee:
            Unassigned
            Reporter:
            jaakko.sipari@gmail.com Jaakko Sipari