MODULES-8670

firewall: iptables nat prerouting redirect is not idempotent

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels: None
    • Template: MODULES Bug Template
    • Team: Modules
    • Method Found: Needs Assessment
    • QA Risk Assessment: Needs Assessment

      Description

      After upgrading puppetlabs/firewall from 1.14.0 to version 1.15.0, the following resource is no longer idempotent:

      firewall { "0redirectIpv4Udp":
          proto       => 'udp',
          destination => '10.10.100.100',
          dport       => '53',
          table       => 'nat',
          chain       => 'PREROUTING',
          jump        => 'REDIRECT',
          toports     => '53',
          provider    => 'iptables',
      }

      Running puppet with debug gives the following output every time:


      Debug: Prefetching iptables resources for firewall
      Debug: Puppet::Type::Firewall::ProviderIptables: [prefetch(resources)]
      Debug: Puppet::Type::Firewall::ProviderIptables: [instances]
      Debug: Executing: '/sbin/iptables-save'
      Notice: /Stage[main]/Firewall[0redirectIpv4Udp]/jump: jump changed  to 'REDIRECT'
      Notice: /Stage[main]/Firewall[0redirectIpv4Udp]/toports: toports changed  to '53'
      Debug: Firewall[0redirectIpv4Udp](provider=iptables): [flush]
      Notice: Firewall[0redirectIpv4Udp](provider=iptables): Properties changed - updating rule
      Debug: Firewall[0redirectIpv4Udp](provider=iptables): Updating rule 0redirectIpv4Udp
      Debug: Firewall[0redirectIpv4Udp](provider=iptables): [insert_order]
      Debug: Puppet::Type::Firewall::ProviderIptables: [instances]
      Debug: Executing: '/sbin/iptables-save'
      Debug: Firewall[0redirectIpv4Udp](provider=iptables): Current resource: Puppet::Type::Firewall
      Debug: Executing: '/sbin/iptables -R PREROUTING 3 --wait -t nat -d 10.10.100.100/32 -p udp -m multiport --dports 53 -j REDIRECT --to-ports 53 -m comment --comment 0redirectIpv4Udp'
      Debug: Firewall[0redirectIpv4Udp](provider=iptables): [persist_iptables]
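The check that decides whether a rule needs updating, as an added example written for this page (it is not the ticket's code and not the puppetlabs/firewall provider): it parses a rule line in the form `iptables-save` prints it and compares each parsed property with the value from the manifest. The saved rule line and the flag-to-property mapping are constructed for the example. A property that is absent from the parsed rule, or whose parsed form differs from the manifest form, is reported as changed, which is what Puppet then tries to fix on every run; the `destination` case shows the normalisation such a comparison needs (`10.10.100.100/32` from `iptables-save` versus `10.10.100.100` in the manifest).

```ruby
# Added example, not from the ticket or puppetlabs/firewall: a minimal
# idempotence check for a nat PREROUTING REDIRECT rule. It parses a rule
# line as iptables-save prints it and compares the parsed values with the
# desired resource properties; every property that does not match is
# reported as "changed".

# Constructed sample: the rule as iptables-save might print it after the
# resource from the ticket has been applied.
SAVED_RULE = '-A PREROUTING -d 10.10.100.100/32 -p udp -m multiport --dports 53 ' \
             '-m comment --comment "0redirectIpv4Udp" -j REDIRECT --to-ports 53'

# Desired properties, taken from the firewall resource in the ticket.
DESIRED = {
  'chain'       => 'PREROUTING',
  'destination' => '10.10.100.100',
  'proto'       => 'udp',
  'dport'       => '53',
  'jump'        => 'REDIRECT',
  'toports'     => '53',
}.freeze

# Hypothetical mapping of iptables flags to resource property names,
# written for this example (not the module's own table).
FLAG_TO_PROPERTY = {
  '-A'         => 'chain',
  '-d'         => 'destination',
  '-p'         => 'proto',
  '--dports'   => 'dport',
  '--dport'    => 'dport',
  '-j'         => 'jump',
  '--to-ports' => 'toports',
  '--comment'  => 'name',
}.freeze

# Split an iptables-save line into tokens, keeping quoted values whole.
def tokenize(rule)
  rule.scan(/"[^"]*"|\S+/).map { |t| t.delete_prefix('"').delete_suffix('"') }
end

# Parse a rule line into a property hash. Flags that take no value here
# (e.g. "-m multiport") are skipped because the next token is itself a flag.
def parse_rule(rule)
  tokens = tokenize(rule)
  props = {}
  i = 0
  while i < tokens.length
    flag = tokens[i]
    value = tokens[i + 1]
    if FLAG_TO_PROPERTY.key?(flag) && value && !value.start_with?('-')
      props[FLAG_TO_PROPERTY[flag]] = value
      i += 2
    else
      i += 1
    end
  end
  props
end

# Normalise a value before comparing, so the form iptables-save prints and
# the form the manifest uses do not register as a change.
def normalize(property, value)
  case property
  when 'destination' then value.sub(%r{/32\z}, '') # iptables-save appends /32 to a single host
  else value.to_s
  end
end

# Properties whose current value differs from (or is missing against) the
# desired one. An empty array means the resource is idempotent.
def changed_properties(saved_rule, desired)
  current = parse_rule(saved_rule)
  desired.keys.reject do |prop|
    current.key?(prop) && normalize(prop, current[prop]) == normalize(prop, desired[prop])
  end
end

if __FILE__ == $PROGRAM_NAME
  changes = changed_properties(SAVED_RULE, DESIRED)
  puts changes.empty? ? 'in sync' : "changed: #{changes.join(', ')}"
end
```

Run stand-alone it prints `in sync` for the constructed rule; dropping `--to-ports 53` from the saved line, or failing to map that flag, makes `toports` show up as changed on every run, which is the symptom the debug output above records for `jump` and `toports`.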
      People

      • Assignee: Unassigned
      • Reporter: lan LAN