MODULES-3574

puppetlabs/firewall generates spurious -mask and -rsource flags for recent module

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None

      Description

      I was attempting to implement these rules with puppetlabs/firewall 1.8.1:

      -N SSHBRUTE
      -A SSHBRUTE -m recent --name SSH --set
      -A SSHBRUTE -m recent --name SSH --update --seconds 300 --hitcount 10 -m limit --limit 1/second --limit-burst 100 -j LOG --log-prefix "iptables[SSH-brute]: "
      -A SSHBRUTE -m recent --name SSH --update --seconds 300 --hitcount 10 -j DROP
      -A SSHBRUTE -j ACCEPT

      But the actual rules generated by puppetlabs/firewall include spurious "-mask 255.255.255.255" and "-rsource" flags. I've attempted to set either/neither/both of rsource => false, rdest => false to no avail.

      I've attached the puppet code to reproduce.
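
      An added example, not part of the original report or of the puppetlabs/firewall code base: a check that tells whether a generated rule differs from the intended one only by the flags named above. It assumes, per iptables-extensions(8), that `--rsource` is the default of the recent match and that `--mask 255.255.255.255` keeps the full IPv4 address; the "generated" rules are constructed samples, and negation with `!` is not handled.

```python
import shlex

def parse(rule):
    """Split an iptables rule spec into ordered [group, {option: args}] pairs."""
    groups = [["base", {}]]            # options before the first -m / -j
    tokens = shlex.split(rule)         # keeps a quoted --log-prefix as one token
    i = 0
    while i < len(tokens):
        opt, args = tokens[i], []
        i += 1
        while i < len(tokens) and not tokens[i].startswith("-"):
            args.append(tokens[i])
            i += 1
        if opt in ("-m", "--match", "-j", "--jump"):
            if not args:
                raise ValueError(f"{opt} needs a name in: {rule!r}")
            kind = "match" if opt in ("-m", "--match") else "target"
            groups.append([f"{kind}:{args[0]}", {}])
        else:
            groups[-1][1][opt] = tuple(args)
    return groups

def normalize(rule):
    """Drop recent-match options assumed to be defaults; ignore option order."""
    out = []
    for name, opts in parse(rule):
        if name == "match:recent":
            opts.pop("--rsource", None)                     # assumed default
            if opts.get("--mask") == ("255.255.255.255",):  # assumed default
                del opts["--mask"]
        out.append((name, tuple(sorted(opts.items()))))
    return out

def equivalent(wanted, generated):
    """True when both rules match the same traffic under the assumptions above."""
    return normalize(wanted) == normalize(generated)

# WANTED_* are rules from the report; GENERATED_* are constructed samples.
WANTED_SET = "-A SSHBRUTE -m recent --name SSH --set"
GENERATED_SET = "-A SSHBRUTE -m recent --set --name SSH --mask 255.255.255.255 --rsource"
WANTED_LOG = ('-A SSHBRUTE -m recent --name SSH --update --seconds 300 --hitcount 10 '
              '-m limit --limit 1/second --limit-burst 100 '
              '-j LOG --log-prefix "iptables[SSH-brute]: "')
GENERATED_LOG = ('-A SSHBRUTE -m recent --update --seconds 300 --hitcount 10 --name SSH '
                 '--mask 255.255.255.255 --rsource -m limit --limit 1/second '
                 '--limit-burst 100 -j LOG --log-prefix "iptables[SSH-brute]: "')

if __name__ == "__main__":
    print(equivalent(WANTED_SET, GENERATED_SET), equivalent(WANTED_LOG, GENERATED_LOG))
```

      A rule that carries `--rdest` or a narrower mask is reported as different, so a real change in what the rule tracks is not hidden by the normalization.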

            People

            • Assignee:
              Unassigned
            • Reporter:
              mzahorik Matt Zahorik