Details
- Bug
- Status: Resolved
- Normal
- Resolution: Fixed
Description
Basic Info
Module Version: 1.11.0
Puppet Version: 4.8.2
OS Name/Version: CentOS 7.4
Desired Behavior:
If an iptables rule on a chain with a dash in its name contains a negation as the first argument after the chain name, the rule fails to parse. For example, the following rule fails to parse if it is present in iptables: '-A CHAIN-WITH-DASH ! -i eth0 -p tcp -m comment --comment "005 iniface 2" -j DROP'. This is a valid rule and should be parsed by the module.
Actual Behavior:
When the firewall module runs, it logs a parse warning. Because the existing rule is not parsed, the firewall resource will create a duplicate copy of the rule every time puppet runs.
Warning: Skipping unparsable iptables rule: keys (4) and values (6) count mismatch on line: -A CHAIN-WITH-DASH ! -i eth0 -p tcp -m comment --comment "005 iniface 2" -j DROP
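As an added illustration (my own stand-alone Ruby tokenizer, not the firewall module's parser), the following code folds a leading "!" into the value of the option that follows it, so the rule from this report yields the same number of keys and values; chain names containing dashes are unaffected because "-A" takes the next token whole. The sample rule is the one quoted above.

```ruby
# Added example: a minimal iptables rule tokenizer, not the puppetlabs-firewall parser.
require 'shellwords'

# Parse one "iptables -S"-style rule into an ordered list of [key, value] pairs.
# A "!" token negates the option after it, so it is folded into that option's value
# ("! eth0") rather than being counted as a key on its own; treating "!" as a key is
# exactly what produces a keys/values count mismatch. "-A" consumes the following
# token as a whole, so a chain name such as CHAIN-WITH-DASH is never split.
def parse_iptables_rule(rule)
  tokens = Shellwords.split(rule) # honours the quoted comment as one token
  pairs = []
  negate = false
  i = 0
  while i < tokens.length
    tok = tokens[i]
    if tok == '!'
      negate = true
      i += 1
    elsif tok.start_with?('-')
      key = tok
      vals = []
      i += 1
      # Collect value tokens until the next option flag or the next "!".
      while i < tokens.length && !tokens[i].start_with?('-') && tokens[i] != '!'
        vals << tokens[i]
        i += 1
      end
      value = vals.join(' ')
      value = "! #{value}" if negate
      negate = false
      pairs << [key, value]
    else
      raise ArgumentError, "unexpected token #{tok.inspect} in #{rule.inspect}"
    end
  end
  pairs
end

# Convert the pairs to a hash keyed by option flag, as a firewall resource would need.
def iptables_rule_to_hash(rule)
  parse_iptables_rule(rule).to_h
end

# Constructed sample input: the rule from the bug report.
SAMPLE_RULE = '-A CHAIN-WITH-DASH ! -i eth0 -p tcp -m comment --comment "005 iniface 2" -j DROP'

if __FILE__ == $PROGRAM_NAME
  iptables_rule_to_hash(SAMPLE_RULE).each { |k, v| puts "#{k} => #{v.inspect}" }
end
```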