MODULES-6261

puppetlabs-firewall: Rules with a dash in the chain name don't parse


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Component: firewall
    • Iptables rules with dashes in the chain name and a negated property should be correctly managed by the module

    Description

      Basic Info
      Module Version: 1.11.0
      Puppet Version: 4.8.2
      OS Name/Version: CentOS 7.4

      Desired Behavior:
      If an iptables rule on a chain whose name contains a dash has a negation in its first argument, the rule fails to parse. For example, if iptables contains the following rule, it will fail to parse: '-A CHAIN-WITH-DASH ! -i eth0 -p tcp -m comment --comment "005 iniface 2" -j DROP'. This is a valid rule and should be parsed by the module.

      Actual Behavior:
      When the firewall module runs, it logs a parse warning. Because the existing rule is not parsed, the firewall resource creates a duplicate copy of the rule every time Puppet runs.

      Warning: Skipping unparsable iptables rule: keys (4) and values (6) count mismatch on line: -A CHAIN-WITH-DASH ! -i eth0 -p tcp -m comment --comment "005 iniface 2" -j DROP
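To make the failure mode concrete, the following is an added example and not the puppetlabs-firewall parser. It walks an iptables-save line token by token: the chain is simply whatever follows `-A` (dashes included), and a `!` is carried forward as a prefix on the value of the option that follows it, giving `"! eth0"` for the rule above. An option with no value raises, which is the condition the module's warning describes as a key/value count mismatch. The `OPTION_KEYS` map is an assumption covering only the options in this ticket's rule.

```ruby
require 'shellwords'

# Added example, not puppetlabs-firewall's own code. OPTION_KEYS is an
# assumed mapping from iptables options to resource-style keys; it only
# covers the options that appear in the rule from this ticket.
OPTION_KEYS = {
  '-A'        => :chain,
  '-i'        => :iniface,
  '-o'        => :outiface,
  '-p'        => :proto,
  '-s'        => :source,
  '-d'        => :destination,
  '-m'        => :match,
  '--comment' => :comment,
  '-j'        => :jump,
}.freeze

# Parse one "-A ..." line into a hash keyed by OPTION_KEYS symbols.
# A "!" is attached to the value of the option that follows it, so
# "! -i eth0" becomes iniface => "! eth0". Raises ArgumentError when an
# option has no value, i.e. the keys/values mismatch the module warns about.
def parse_rule(line)
  tokens = Shellwords.split(line)   # honours the quotes around --comment text
  rule   = {}
  negate = false
  i = 0
  while i < tokens.length
    tok = tokens[i]
    if tok == '!'
      # Negation belongs to the next option, never to the previous one.
      raise ArgumentError, "dangling '!' at end of rule" if i + 1 >= tokens.length
      negate = true
      i += 1
      next
    end
    key = OPTION_KEYS[tok]
    raise ArgumentError, "unknown or misplaced token #{tok.inspect}" if key.nil?
    value = tokens[i + 1]
    if value.nil? || value == '!' || OPTION_KEYS.key?(value)
      raise ArgumentError, "option #{tok} has no value"
    end
    raise ArgumentError, '-A cannot be negated' if negate && key == :chain
    value = "! #{value}" if negate
    negate = false
    if key == :match
      (rule[:match] ||= []) << value   # -m may repeat (comment, state, ...)
    else
      rule[key] = value
    end
    i += 2
  end
  rule
end

# True when every option in the rule received a value, false otherwise.
def parseable?(line)
  parse_rule(line)
  true
rescue ArgumentError
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: the rule quoted in this ticket.
  rule = parse_rule('-A CHAIN-WITH-DASH ! -i eth0 -p tcp -m comment ' \
                    '--comment "005 iniface 2" -j DROP')
  rule.each { |k, v| puts "#{k}: #{v.inspect}" }
end
```

Tokenising first and only then pairing options with values is what keeps the chain name out of the negation handling: the parser never has to guess where the chain name ends, so dashes in it cannot shift the key/value pairing.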

      People

        Assignee: Unassigned
        Reporter: Andy Hanton