The Puppet Labs Issue Tracker has Moved:

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using See the following page for information on filing tickets with JIRA:

Bug #15646

iptables rules parsing fails on invert match

Added by Lee Standen almost 4 years ago. Updated about 3 years ago.

Status: Closed
Start date: 07/23/2012
Priority: Normal
Due date:
Assignee: -
% Done:
Category: firewall
Spent time: -
Target version: -
Keywords:
Branch:


When using an invert match in iptables (for example, a manually added rule), the parser blows up and fails to parse the record.

An example output from iptables-save which fails:

    -A INPUT -p tcp -m multiport --sports 8140 -m comment --comment "050 allow puppet master connections" -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT

At the very least, I’d expect this to give some useful feedback so someone can manually fix the broken rule.
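The behaviour asked for above, as an added example that is not part of the original ticket and not the firewall module's own code: a small tokenizer that accepts a `!` before an option and raises an error naming the offending token when it cannot parse a rule. The names `parse_rule`, `RuleParseError` and `FLAG_ARITY` are hypothetical, and the arity table covers only the options in the reported rule.

```ruby
require 'shellwords'

# Constructed sample: the rule from the report, typed with ASCII dashes and quotes.
SAMPLE_RULE = '-A INPUT -p tcp -m multiport --sports 8140 -m comment ' \
              '--comment "050 allow puppet master connections" ' \
              '-m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT'

# Hypothetical arity table: how many arguments each option consumes.
# It covers only the options in the sample rule.
FLAG_ARITY = {
  '-A' => 1, '-p' => 1, '-m' => 1, '-j' => 1,
  '--sports' => 1, '--comment' => 1, '--tcp-flags' => 2
}.freeze

class RuleParseError < StandardError; end

# Parse one iptables-save line into [{ flag:, args:, negated: }, ...].
# A "!" token negates the option that follows it.
def parse_rule(line)
  tokens = Shellwords.split(line) # keeps the quoted comment as one token
  options = []
  negate = false
  until tokens.empty?
    tok = tokens.shift
    if tok == '!'
      raise RuleParseError, "'!' is not followed by an option in: #{line}" if negate || tokens.empty?
      negate = true
      next
    end
    arity = FLAG_ARITY[tok]
    # Fail loudly, naming the token, so the rule can be fixed by hand.
    raise RuleParseError, "unrecognised option #{tok.inspect} in: #{line}" if arity.nil?
    args = tokens.shift(arity)
    raise RuleParseError, "#{tok} needs #{arity} argument(s) in: #{line}" if args.length < arity
    options << { flag: tok, args: args, negated: negate }
    negate = false
  end
  options
end

if __FILE__ == $PROGRAM_NAME
  parse_rule(SAMPLE_RULE).each do |o|
    puts "#{o[:negated] ? '! ' : ''}#{o[:flag]} #{o[:args].inspect}"
  end
end
```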


#1 Updated by William Van Hevelingen over 3 years ago

  • Category set to firewall

#2 Updated by Ken Barber about 3 years ago

  • Status changed from Unreviewed to Closed

Hiya … I’ve fallen behind a bit on all this work, also the bug tracker is moving to here: I’ve managed to move what I still think is relevant and merge up items that are related. Consider this a slight declaration of ‘ticket debt’. If you think your issue isn’t represented in the new tracker feel free to open a new one.

Apologies for any confusion :-).


#3 Updated by Ken Barber about 3 years ago

Sorry – the new URL is actually: … thanks @Wolfspyre.
