The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #13560

OUTPUT is a valid chain for the mangle table

Added by Adam Gibbins over 2 years ago. Updated about 2 years ago.

Status:Merged - Pending ReleaseStart date:03/30/2012
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:firewallSpent time:-
Target version:firewall 1.0.0
Keywords: Branch:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.


Description

Hi, Attempting to use the below code:

firewall { '100 foobar':
  chain       => 'OUTPUT',
  jump        => 'MARK',                                                                         
  proto       => 'tcp',
  destination => ["${::ipaddress_bond0}/${::netmask_bond0}"],
  table       => 'mangle',
  sport       => ['8001','8002'],
  set_mark    => '0x1/0xffffffff',
}

Results in the error: Parameter set_mark only applies to the PREROUTING chain of the mangle table and when jump => MARK

This is incorrect, you can apply the mangle table to the OUTPUT chain also.

History

#1 Updated by Adam Gibbins over 2 years ago

Merge request with a fix here: https://github.com/puppetlabs/puppetlabs-firewall/pull/71

#2 Updated by Ken Barber about 2 years ago

  • Status changed from Unreviewed to Merged - Pending Release
  • Target version set to firewall 1.0.0

Also available in: Atom PDF