The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #15646

iptables rules parsing fails on invert match

Added by Lee Standen over 2 years ago. Updated over 1 year ago.

Status:ClosedStart date:07/23/2012
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:firewallSpent time:-
Target version:-
Keywords: Branch:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.


Description

When using an invert match in iptables (for example manually added rule), the parser blows up and fails to parse the record.

An example output from iptables-save which fails: -A INPUT -p tcp -m multiport —sports 8140 -m comment —comment “050 allow puppet master connections” -m tcp ! —tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT

At the very least, I’d expect this to give some useful feedback so someone can manually fix the broken rule.

History

#1 Updated by William Van Hevelingen about 2 years ago

  • Category set to firewall

#2 Updated by Ken Barber over 1 year ago

  • Status changed from Unreviewed to Closed

Hiya … I’ve fall behind a bit on all this work, also the bug tracker is moving to here: https://github.com/puppetlabs/puppet-firewall/issues I’ve managed to move what I still think is relevant and merge up items that are related. Consider this a slight declaration of ‘ticket debt’. If you think you’re issue isn’t represented in the new tracker feel free to open a new one.

Apologies for any confusion :–).

Ken.

#3 Updated by Ken Barber over 1 year ago

Sorry – the new URL is actually: http://github.com/puppetlabs/puppetlabs-firewall/issues … thanks @Wolfspyre.

Also available in: Atom PDF