Affects Version/s: None
Fix Version/s: None
- Puppetlabs firewall module version: 1.14.0
- Puppetserver version: puppetserver-2.8.1-1.el7.noarch
- Puppet agent version: 4.10.12
- Agent OS: CentOS Linux release 7.6.1810 (Core)
Template: MODULES Bug Template
Method Found: Manual Test
QA Risk Assessment: Needs Assessment
Module Version: 1.14.0
Puppet Version: 4.10.12
OS Name/Version: CentOS Linux release 7.6.1810 (Core)
Desired Behavior: Default CentOS 7 ip6tables firewall rules not managed by Puppet should be removed.
Actual Behavior: Puppet tries to remove unmanaged rules on every run and fails to show the underlying error; instead, it just shows the change.
Example default rule in CentOS 7:
Puppet tries to delete this rule:
The underlying call to ip6tables fails with the following error:
Puppet does not show this error message and does not seem to notice that an error happened.
Possible sources of error:
In our firewall rules we have a default rule for related and established rules that is added by puppet:
The original rule from CentOS (shown earlier) and the identical rule from Puppet (besides the comment) may interfere with the deletion.