The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #13331

Firewall Module doesn't handle services by name correctly

Added by Michael Hsu about 2 years ago. Updated about 1 year ago.

Status: Closed
Start date: 03/22/2012
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: firewall
Spent time: -
Target version: -
Keywords: firewall iptables
Branch:



Description

In the string_to_port(value) def, it uses Socket.getservbyname(value) to convert service names to a port value. However, this produces unexpected results: if you try to use a service name that doesn’t have a tcp definition, it fails with the error:

err: Could not run Puppet configuration client: Parameter dport failed: Munging failed for value “” in class dport: no such service /tcp

Replace with whatever named service you choose that doesn’t have a tcp service definition. The current workaround is to NOT use service names for non-tcp services. The fix would be somehow using Socket.getservbyname(value, proto) assuming ‘proto’ is defined. Below is an example of a use of the firewall provider that fails:

firewall { "0200 INPUT allow ${name} to syslog port":
    chain  => 'INPUT',
    action => 'accept',
    proto  => 'udp',
    source => $name,
    dport  => 'syslog'
}
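
Added example, not part of the original ticket and not the module's own code: a sketch of a protocol-aware lookup along the lines the description proposes, so that a udp rule resolves 'syslog' against udp instead of the tcp default. The signature, the resolver: keyword, resolve_rule and the sample service table are assumptions made for illustration; the table is constructed so the example runs without /etc/services.

```ruby
require 'socket'

# Constructed sample data standing in for /etc/services so the example runs offline.
SAMPLE_SERVICES = { %w[syslog udp] => 514, %w[shell tcp] => 514, %w[http tcp] => 80 }.freeze

# Hypothetical stand-in resolver: raises SocketError on a miss, like Socket.getservbyname.
SAMPLE_RESOLVER = lambda do |name, proto|
  SAMPLE_SERVICES.fetch([name, proto]) { raise SocketError, "no such service #{name}/#{proto}" }
end

# Default resolver: the two-argument form the ticket proposes.
SYSTEM_RESOLVER = ->(name, proto) { Socket.getservbyname(name, proto) }

# Hypothetical protocol-aware string_to_port (signature is an assumption, not the module's).
def string_to_port(value, proto = 'tcp', resolver: SYSTEM_RESOLVER)
  text = value.to_s.strip
  proto = proto.to_s.downcase
  if text.match?(/\A\d+\z/)
    # Numeric ports need no lookup, only a range check.
    port = text.to_i
    raise ArgumentError, "port out of range: #{text}" unless (0..65_535).cover?(port)
    return port
  end
  raise ArgumentError, 'empty port value' if text.empty?
  resolver.call(text, proto)
rescue SocketError
  # Report the protocol that was actually used, so a wrong-proto lookup is obvious.
  raise ArgumentError, "no such service #{text}/#{proto}"
end

# Resolve a rule's dport against the rule's own proto, as in the failing resource above.
def resolve_rule(rule, resolver: SYSTEM_RESOLVER)
  rule.merge(dport: string_to_port(rule[:dport], rule[:proto], resolver: resolver))
end

if __FILE__ == $PROGRAM_NAME
  rule = { chain: 'INPUT', action: 'accept', proto: 'udp', dport: 'syslog' }
  p resolve_rule(rule, resolver: SAMPLE_RESOLVER)
  begin
    string_to_port('syslog', 'tcp', resolver: SAMPLE_RESOLVER)
  rescue ArgumentError => e
    puts e.message
  end
end
```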

History

#1 Updated by Ken Barber about 1 year ago

  • Status changed from Unreviewed to Closed

Hiya … I’ve fallen behind a bit on all this work, also the bug tracker is moving to here: https://github.com/puppetlabs/puppet-firewall/issues I’ve managed to move what I still think is relevant and merge up items that are related. Consider this a slight declaration of ‘ticket debt’. If you think your issue isn’t represented in the new tracker feel free to open a new one.

Apologies for any confusion :-).

Ken.

#2 Updated by Ken Barber about 1 year ago

Sorry – the new URL is actually: http://github.com/puppetlabs/puppetlabs-firewall/issues … thanks @Wolfspyre.
