Comments (8)
2fa
commented on August 24, 2024
1
#1206 should fix that
from puppetlabs-firewall.
2fa
commented on August 24, 2024
1
@corporate-gadfly your reproduction steps looks very similar to this problem so i would assume that it is related, yes. They've merged it an hour ago so it should be fixed in the next version.
from puppetlabs-firewall.
corporate-gadfly
commented on August 24, 2024
@2fa Would you mind looking at a comment in #1188 to see if it is related? Thanks in advance, for your time and attention.
from puppetlabs-firewall.
corporate-gadfly
commented on August 24, 2024
No luck with 8.0.2.
Running:
puppet apply -e 'firewallchain {"PREROUTING:mangle:IPv4": ensure=>"present"}'
continues to give the output:
Notice: /Stage[main]/Main/Firewallchain[PREROUTING:mangle:IPv4]/ensure: defined 'ensure' as 'present'
Notice: firewallchain[PREROUTING:mangle:IPv4]: Creating: Creating Chain 'PREROUTING:mangle:IPv4' with {:name=>"PREROUTING:mangle:IPv4", :ensure=>"present", :purge=>false, :ignore_foreign=>false, :chain=>"PREROUTING", :table=>"mangle", :protocol=>"IPv4", :policy=>"accept"}
Notice: firewallchain[PREROUTING:mangle:IPv4]: Creating: Ensuring changes to 'PREROUTING:mangle:IPv4' persist
Notice: firewallchain[PREROUTING:mangle:IPv4]: Creating: Finished in 0.131559 seconds
Kindly let me know, if I can provide more details.
from puppetlabs-firewall.
2fa
commented on August 24, 2024
@corporate-gadfly do you have rules in table before that that contains * symbol anywhere?
You can check iptables-save output to be sure. And also you can check if that chains is already there.
from puppetlabs-firewall.
corporate-gadfly
commented on August 24, 2024
@corporate-gadfly do you have rules in table before that that contains
*symbol anywhere?
No.
# iptables-save | grep '*'
*filter
You can check
iptables-saveoutput to be sure. And also you can check if that chains is already there.
# iptables-save -t mangle
# Generated by iptables-save v1.8.7 on Fri May 24 13:56:37 2024
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri May 24 13:56:37 2024
from puppetlabs-firewall.
2fa
commented on August 24, 2024
@corporate-gadfly Looks like my fix works in a non nf_tables version of iptables. iptables-save doesn't output empty tables at all in a new version. Great stuff 😃
I will reopen original issue #1206
from puppetlabs-firewall.
corporate-gadfly
commented on August 24, 2024
TY:
Operating System: Ubuntu 22.04.4 LTS
Kernel: Linux 5.15.0-100-generic
Architecture: x86-64
Hardware Vendor: VMware, Inc.
Hardware Model: VMware7,1
and:
# iptables -V
iptables v1.8.7 (nf_tables)
from puppetlabs-firewall.
Related Issues (20)
- Getting problems on the firewall on redhat 8
- No value is detected for nflog-prefix HOT 2
- Allow --reject-with tcp-reset for TCP rules
- Could not evaluate: `proto` must be set to `tcp` for `isfragment` to be true.
- firewall.toports expects an undef value or a match for Pattern[/^\d+(?:-\d+)?$/], got Integer
- Hyphen in the ipset's hash name breaks a firewall resource
- Puppet repeatedly attempts to correct firewall rules when `source` has a prefix length of zero HOT 8
- Add path option for cgroup
- Add back IPv6 protocol support for recent rule masks HOT 1
- Add support for parsing and using socket parameters
- issue with match_mark regex HOT 1
- Performance degradation in resource_api version
- single quotes in rule comments produces errors HOT 4
- puppet generate types fail on versions >= 7.0.0 HOT 2
- hostnames with multiple address are not handled completely
- Link in CONTRIBUTING.md returns a 404.
- Defining a state as an array can cause an unnecessary updating action
- Using a LOG jump with a log_level of 4 causes an unnecessary updating action
- gid match fails if no user by the same name exists.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppetlabs-firewall.