The Puppet Labs Issue Tracker has Moved:

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using See the following page for information on filing tickets with JIRA:

Bug #13560

OUTPUT is a valid chain for the mangle table

Added by Adam Gibbins about 4 years ago. Updated almost 4 years ago.

Status:Merged - Pending ReleaseStart date:03/30/2012
Priority:NormalDue date:
Assignee:-% Done:


Category:firewallSpent time:-
Target version:firewall 1.0.0
Keywords: Branch:

We've Moved!

Ticket tracking is now hosted in JIRA:


Hi, Attempting to use the below code:

firewall { '100 foobar':
  chain       => 'OUTPUT',
  jump        => 'MARK',                                                                         
  proto       => 'tcp',
  destination => ["${::ipaddress_bond0}/${::netmask_bond0}"],
  table       => 'mangle',
  sport       => ['8001','8002'],
  set_mark    => '0x1/0xffffffff',

Results in the error: Parameter set_mark only applies to the PREROUTING chain of the mangle table and when jump => MARK

This is incorrect, you can apply the mangle table to the OUTPUT chain also.


#1 Updated by Adam Gibbins about 4 years ago

Merge request with a fix here:

#2 Updated by Ken Barber almost 4 years ago

  • Status changed from Unreviewed to Merged - Pending Release
  • Target version set to firewall 1.0.0

Also available in: Atom PDF