Modules / MODULES-3514

Firewallchain doesn't purge fw rules introduced during run

    Details

    • Type: Bug
    • Status: Ready for Engineering
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Environment: CentOS 7, Puppet 3.6
    • Acceptance Criteria:
      • The change does not affect the normal operation of the module
      • Adding a rule with an exec can get purged on the same run
    • Team: Modules
    • Story Points: 1
    • Sprint: Modules Triage

      Description

      The puppetlabs-firewall module has a resource called firewallchain, which is able to purge existing rules found in that chain while preserving the ones declared in the catalog/manifests. The list of rules to purge is, however, only created once per chain before the catalog run is started (using the 'generate' function of the firewallchain type). If new rules are introduced during the run (like starting up the iptables service does), these new rules will not be purged.

      The fix would be to use 'eval_generate' instead of 'generate' for the firewallchain type. This way the moment of determining the existing rules to purge is directly dependent on the ordering of the firewallchain resource with respect to other resources.
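
The timing difference described in the report, as a simplified Ruby model added here (not code from Puppet or puppetlabs-firewall). The class names, the `hook` parameter and the rule names are constructed for illustration; the model assumes the chain resource is ordered after the service that loads its own rules.

```ruby
# Simplified model of a Puppet run; constructed for illustration,
# not code from Puppet or puppetlabs-firewall.

# Live rules in one iptables chain on the host.
class Host
  attr_reader :rules

  def initialize(rules)
    @rules = rules.dup
  end
end

# Stand-in for a firewallchain resource with purge => true.
class ChainPurge
  def initialize(host, declared, hook)
    @host = host
    @declared = declared   # rules declared in the catalog
    @hook = hook           # :generate or :eval_generate
    @to_purge = []
  end

  # Rules present on the host but absent from the catalog.
  def unmanaged
    @host.rules - @declared
  end

  # Pre-run phase: 'generate' snapshots the purge list here, once.
  def prepare
    @to_purge = unmanaged if @hook == :generate
  end

  # Resource evaluation: 'eval_generate' builds the list at this point.
  def evaluate
    @to_purge = unmanaged if @hook == :eval_generate
    @to_purge.each { |rule| @host.rules.delete(rule) }
  end
end

# One run: the chain is ordered after a service that loads its own rules.
def run(hook)
  host = Host.new(['100 allow ssh', '999 stale rule'])
  chain = ChainPurge.new(host, ['100 allow ssh'], hook)
  chain.prepare
  host.rules << 'REJECT added by iptables service start' # mid-run change
  chain.evaluate
  host.rules
end

puts "generate:      #{run(:generate).inspect}"
puts "eval_generate: #{run(:eval_generate).inspect}"
```

With the pre-run snapshot the rule added mid-run survives until the next run, so the host's effective ruleset differs from the declared one for a full run interval.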


              People

              • Assignee: Unassigned
              • Reporter: jaakko.sipari@gmail.com Jaakko Sipari
              • Votes: 0
              • Watchers: 2
