The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #15505

puppetlabs-firewall module - option to use either nf_conntrack or ip_conntrack module

Added by Dumitru Gherman almost 2 years ago. Updated about 1 year ago.

Status: Closed
Start date: 07/12/2012
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: firewall
Spent time: -
Target version: -
Keywords:
Branch:



Description

Looking at https://github.com/puppetlabs/puppetlabs-firewall/blob/master/lib/puppet/provider/firewall/iptables.rb line 55, it seems that this module assumes you have loaded the ip_conntrack module. But some use nf_conntrack instead, and this module has a different syntax for some options in iptables. For example, line 55 in the above link becomes:

:state => "-m conntrack --ctstate",

Would it be possible to add an option to load either nf_conntrack or ip_conntrack, and have the :state resource aware of the different options? Thanks!

History

#1 Updated by Dustin Mitchell over 1 year ago

In RHEL, depending on how you write your rules, it “figures out” which of the two conntrack modules to use. This request is for the puppet module (https://github.com/puppetlabs/puppetlabs-firewall) to duplicate that behavior.

#2 Updated by Ken Barber about 1 year ago

  • Status changed from Unreviewed to Closed

Hiya … I’ve fallen behind a bit on all this work, also the bug tracker is moving to here: https://github.com/puppetlabs/puppet-firewall/issues I’ve managed to move what I still think is relevant and merge up items that are related. Consider this a slight declaration of ‘ticket debt’. If you think your issue isn’t represented in the new tracker feel free to open a new one.

Apologies for any confusion :-).

Ken.

#3 Updated by Ken Barber about 1 year ago

Sorry – the new URL is actually: http://github.com/puppetlabs/puppetlabs-firewall/issues … thanks @Wolfspyre.
