Bug #10164

firewall: ICMP type 'any'

Added by Pablo Iranzo Gómez over 1 year ago. Updated about 1 year ago.

Status:Merged - Pending ReleaseStart date:10/19/2011
Priority:NormalDue date:
Assignee:-% Done:

80%

Category:firewallSpent time:-
Target version:firewall 1.0.0
Keywords:icmp Branch:

Description

When defining icmp type to “any” it fails, so I used the numerical type ‘255’, but each time puppet runs, shows this message:

notice: /Firewall[002 ICMP from any]/icmp: icmp changed 'any' to '255'
notice: Firewall[002 ICMP from any](provider=iptables): Properties changed - updating rule

Regards

History

#1 Updated by Ken Barber over 1 year ago

  • Subject changed from ICMP type 'any' to firewall: ICMP type 'any'
  • Description updated (diff)
  • Status changed from Unreviewed to Accepted
  • Keywords set to icmp

#2 Updated by Daniel Black over 1 year ago

  • % Done changed from 0 to 80

Fix. I couldn’t add it to icmp_name_to_number as this is used by the :reject validation and reject with ANY icmp message doesn’t make sence

diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 968bc7e..28221bd 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -354,7 +354,9 @@ Puppet::Type.newtype(:firewall) do
 
     munge do |value|
       if value.kind_of?(String)
-        value = @resource.icmp_name_to_number(value)
+        if value != "any"
+          value = @resource.icmp_name_to_number(value)
+        end
       else
         value
       end

#3 Updated by Daniel Black over 1 year ago

small note “any” isn’t valid on the ip6tables provider though it will accept icmp (v4) rules of any other type.

#4 Updated by Daniel Black over 1 year ago

  • Status changed from Accepted to In Topic Branch Pending Review

pull request #2 since #1 failed (so many times)

#5 Updated by Dan Carley over 1 year ago

Following a discussion in PR 57 it has been agreed that it would be better not to support the “any” value. We should instead steer people to omitting or undefining the ICMP param to the same functional effect. I’ve opened a new PR 60.

#6 Updated by Ken Barber over 1 year ago

  • Target version set to firewall 1.x

#7 Updated by Ken Barber about 1 year ago

  • Status changed from In Topic Branch Pending Review to Merged - Pending Release
  • Target version changed from firewall 1.x to firewall 1.0.0

Also available in: Atom PDF