[MODULES-6261] puppetlabs-firewall : Rules with a dash in chain name doesn't parse - Puppet Tickets

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: firewall
Labels:
None

Acceptance Criteria:

Hide

Iptables rules with dashes in the chain name and a negated property should be correctly managed by the module

Show
Iptables rules with dashes in the chain name and a negated property should be correctly managed by the module
Method Found:
Needs Assessment

QA Risk Assessment:
Needs Assessment

Description

Basic Info
Module Version: 1.11.0
Puppet Version: 4.8 .2
OS Name/Version: CentOS 7.4

Desired Behavior:
If an iptables rule on a chain with a dash in the name contains a negation in the first argument, the rule fails to parse. As an example, if iptables includes the following rule, the rule will fail to parse: '-A CHAIN-WITH-DASH ! -i eth0 -p tcp -m comment --comment "005 iniface 2" -j DROP'. This is a valid rule and should be parsed by the module.

Actual Behavior:
When the firewall module runs, it logs a parse warning. Because the existing rule is not parsed, the firewall resource will create a duplicate copy of the rule every time puppet runs.

Warning: Skipping unparsable iptables rule: keys (4) and values (6) count mismatch on line: -A CHAIN-WITH-DASH ! -i eth0 -p tcp -m comment --comment "005 iniface 2" -j DROP

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Andy Hanton

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2017/12/07 12:35 PM

Updated:: 2017/12/08 4:21 AM

Resolved:: 2017/12/08 4:21 AM