Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-8214

puppetlabs-firewall : warnings on parsing addrtype/src_type rules with --limit-iface-in

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Environment:

      Module version: 1.14.0
      Puppet version: 5.5.8
      Iptables version: v1.6.0

    • QA Risk Assessment:
      Needs Assessment

      Description

      Following warnings are being displayed:

      Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values (10) count mismatch on line: -A cali-POSTROUTING -o tunl0 -m comment --comment "cali:JHlpT-eSqR1TvyYm" -m addrtype ! --src-type LOCAL --limit-iface-out -m addrtype --src-type LOCAL -j MASQUERADE
      Warning: Puppet::Type::Firewall::ProviderFirewall_patched: Skipping unparsable iptables rule: keys (5) and values (10) count mismatch on line: -A cali-POSTROUTING -o tunl0 -m comment --comment "cali:JHlpT-eSqR1TvyYm" -m addrtype ! --src-type LOCAL --limit-iface-out -m addrtype --src-type LOCAL -j MASQUERADE
      Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values (10) count mismatch on line: -A cali-POSTROUTING -o tunl0 -m comment --comment "cali:JHlpT-eSqR1TvyYm" -m addrtype ! --src-type LOCAL --limit-iface-out -m addrtype --src-type LOCAL -j MASQUERADE
      Info: Applying configuration version 'fdd571b77941dc2263ddb1909d838f893621cbee'
      Warning: Puppet::Type::Firewall::ProviderIptables: Skipping unparsable iptables rule: keys (5) and values (10) count mismatch on line: -A cali-POSTROUTING -o tunl0 -m comment --comment "cali:JHlpT-eSqR1TvyYm" -m addrtype ! --src-type LOCAL --limit-iface-out -m addrtype --src-type LOCAL -j MASQUERADE
      

      Probably: src_type and dst_type parameters should be changed ot accept and output arrays while parsing rules with --limit-iface-out and --limit-iface-in as part of string.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                invidian Mateusz Gozdek
                Reporter:
                invidian Mateusz Gozdek
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support