Modules / MODULES-9758

puppetlabs-firewall : Cilium. Skipping unparsable iptables rule


    Details

    • Type: Bug
    • Status: In Progress
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Environment:

      iptables v1.4.21

    • Template:
      MODULES Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version: 2.0.0
      Puppet Version: 5.5.3
      OS Name/Version: CentOS Linux release 7.6.1810 (Core)

      After applying the Cilium network for Kubernetes, I am getting "Skipping unparsable iptables rule..." warnings.

      Desired Behavior:

      Rules parsed normally. No warnings in log.

      Actual Behavior:

      Puppet::Type::Firewall::ProviderIptables : Skipping unparsable iptables rule: keys (6) and values (10) count mismatch on line: -A CILIUM_POST_mangle -o cilium_host -m mark ! --mark 0xe00/0xf00 -m mark ! --mark 0xd00/0xf00 -m comment --comment "cilium: clear masq bit for pkts to cilium_host" -j MARK --set-xmark 0x0/0x4000
      Puppet::Type::Firewall::ProviderIptables : Skipping unparsable iptables rule: keys (5) and values (7) count mismatch on line: -A CILIUM_PRE_mangle -m socket --transparent --nowildcard -m comment --comment "cilium: mark transparent proxy traffic to be routed locally" -j MARK --set-xmark 0x200/0xffffffff
      Puppet::Type::Firewall::ProviderIptables : Skipping unparsable iptables rule: keys (5) and values (11) count mismatch on line: -A CILIUM_PRE_mangle -p tcp -m mark --mark 0xb860200 -m comment --comment "cilium: TPROXY to host cilium-dns-egress proxy" -j TPROXY --on-port 34315 --on-ip 0.0.0.0 --tproxy-mark 0x200/0xffffffff
      Puppet::Type::Firewall::ProviderIptables : Skipping unparsable iptables rule: keys (5) and values (11) count mismatch on line: -A CILIUM_PRE_mangle -p udp -m mark --mark 0xb860200 -m comment --comment "cilium: TPROXY to host cilium-dns-egress proxy" -j TPROXY --on-port 34315 --on-ip 0.0.0.0 --tproxy-mark 0x200/0xffffffff
      Puppet::Type::Firewall::ProviderIptables : Skipping unparsable iptables rule: keys (5) and values (13) count mismatch on line: -A CILIUM_OUTPUT -m mark ! --mark 0xe00/0xf00 -m mark ! --mark 0xd00/0xf00 -m mark ! --mark 0xa00/0xe00 -m comment --comment "cilium: host->any mark as from host" -j MARK --set-xmark 0xc00/0xf00
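Added example, not part of the original ticket or of the puppetlabs-firewall module: a Ruby triage script that reads warnings of the form quoted above and reports, per chain, which rules the provider skipped, along with the match modules that appear more than once in each rule. The function names are hypothetical and the sample log is constructed from lines quoted in this ticket, with one line repeated to exercise de-duplication.

```ruby
require 'shellwords'

# Shape of the warning as it appears in this ticket.
WARNING = /Skipping unparsable iptables rule: keys \((\d+)\) and values \((\d+)\) count mismatch on line: (.+)\z/

# Constructed sample: three warnings quoted in the ticket, the first one repeated.
SAMPLE_LOG = <<~'LOG'
  Puppet::Type::Firewall::ProviderIptables : Skipping unparsable iptables rule: keys (6) and values (10) count mismatch on line: -A CILIUM_POST_mangle -o cilium_host -m mark ! --mark 0xe00/0xf00 -m mark ! --mark 0xd00/0xf00 -m comment --comment "cilium: clear masq bit for pkts to cilium_host" -j MARK --set-xmark 0x0/0x4000
  Puppet::Type::Firewall::ProviderIptables : Skipping unparsable iptables rule: keys (5) and values (7) count mismatch on line: -A CILIUM_PRE_mangle -m socket --transparent --nowildcard -m comment --comment "cilium: mark transparent proxy traffic to be routed locally" -j MARK --set-xmark 0x200/0xffffffff
  Puppet::Type::Firewall::ProviderIptables : Skipping unparsable iptables rule: keys (5) and values (11) count mismatch on line: -A CILIUM_PRE_mangle -p tcp -m mark --mark 0xb860200 -m comment --comment "cilium: TPROXY to host cilium-dns-egress proxy" -j TPROXY --on-port 34315 --on-ip 0.0.0.0 --tproxy-mark 0x200/0xffffffff
  Puppet::Type::Firewall::ProviderIptables : Skipping unparsable iptables rule: keys (6) and values (10) count mismatch on line: -A CILIUM_POST_mangle -o cilium_host -m mark ! --mark 0xe00/0xf00 -m mark ! --mark 0xd00/0xf00 -m comment --comment "cilium: clear masq bit for pkts to cilium_host" -j MARK --set-xmark 0x0/0x4000
LOG

# Parse one log line; returns nil for lines that are not this warning.
def parse_warning(line)
  m = WARNING.match(line.strip)
  return nil unless m

  # Shellwords keeps the quoted --comment text together as a single token.
  args = Shellwords.split(m[3])
  mods = args.each_cons(2).select { |flag, _| flag == '-m' }.map(&:last)
  {
    chain: args[args.index('-A') + 1],
    target: args[args.index('-j') + 1],
    keys: m[1].to_i,
    values: m[2].to_i,
    repeated_modules: mods.select { |name| mods.count(name) > 1 }.uniq,
    negations: args.count('!'),
    rule: m[3]
  }
end

# Unique skipped rules, in first-seen order (the same rule is logged on every run).
def skipped_rules(log)
  log.each_line.map { |line| parse_warning(line) }.compact.uniq { |r| r[:rule] }
end

# Number of distinct skipped rules per iptables chain.
def skipped_by_chain(log)
  skipped_rules(log).group_by { |r| r[:chain] }.transform_values(&:size)
end

puts skipped_by_chain(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```

Feeding it the agent's own log in place of `SAMPLE_LOG` gives the list of chains and rules to compare by hand against `iptables-save` output on the node.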
      


              People

              Assignee:
              loredana.ionce Loredana Ionce
              Reporter:
              Antiarchitect Andrey Voronkov