Bug #15505
puppetlabs-firewall module - option to use either nf_conntrack or ip_conntrack module
| Status: | Closed | Start date: | 07/12/2012 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | firewall | Spent time: | - |
| Target version: | - | | |
| Keywords: | | Branch: | |
Description
Looking at https://github.com/puppetlabs/puppetlabs-firewall/blob/master/lib/puppet/provider/firewall/iptables.rb line 55, it seems that this module assumes you have loaded the ip_conntrack module. But some use nf_conntrack instead, and this module has a different syntax for some options in iptables. For example, line 55 in the above link becomes:
:state => "-m conntrack --ctstate",
Would it be possible to add an option to load either nf_conntrack or ip_conntrack, and have the :state resource aware of the different options? Thanks!
History
#1
Updated by Dustin Mitchell 10 months ago
In RHEL, depending on how you write your rules, it “figures out” which of the two conntrack modules to use. This request is for the puppet module (https://github.com/puppetlabs/puppetlabs-firewall) to duplicate that behavior.
#2
Updated by Ken Barber 4 months ago
- Status changed from Unreviewed to Closed
Hiya … I’ve fallen behind a bit on all this work, also the bug tracker is moving to here: https://github.com/puppetlabs/puppet-firewall/issues. I’ve managed to move what I still think is relevant and merge up items that are related. Consider this a slight declaration of ‘ticket debt’. If you think your issue isn’t represented in the new tracker feel free to open a new one.
Apologies for any confusion :-).
Ken.
#3
Updated by Ken Barber 4 months ago
Sorry – the new URL is actually: http://github.com/puppetlabs/puppetlabs-firewall/issues … thanks @Wolfspyre.