Louis Coilliot
2014-Jan-26 22:36 UTC
[Puppet Users] Problem with puppetlabs-firewall and ip range
Hello,

I use puppetlabs-firewall 0.4.2.

I have some rules:

    firewall { '138 jboss node to node udp':
      chain     => 'INPUT',
      proto     => 'udp',
      src_range => $jboss7::params::ip_range,
      dst_range => $jboss7::params::ip_range,
      action    => 'accept',
    }

    firewall { '139 jboss node to node tcp':
      chain     => 'INPUT',
      proto     => 'tcp',
      src_range => $jboss7::params::ip_range,
      dst_range => $jboss7::params::ip_range,
      action    => 'accept',
    }

Each time I run puppet on the node, I have some configuration changes:

First run:

    Notice: /Firewall[138 jboss node to node udp]/src_range: src_range changed 'udp' to '192.168.0.60-192.168.0.62'
    Notice: /Firewall[138 jboss node to node udp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'udp'
    Notice: Firewall[138 jboss node to node udp](provider=iptables): Properties changed - updating rule
    Notice: /Firewall[139 jboss node to node tcp]/src_range: src_range changed 'tcp' to '192.168.0.60-192.168.0.62'
    Notice: /Firewall[139 jboss node to node tcp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'tcp'
    Notice: Firewall[139 jboss node to node tcp](provider=iptables): Properties changed - updating rule

Second run:

    Notice: /Firewall[138 jboss node to node udp]/src_range: src_range changed 'udp' to '192.168.0.60-192.168.0.62'
    Notice: /Firewall[138 jboss node to node udp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'udp'
    Notice: Firewall[138 jboss node to node udp](provider=iptables): Properties changed - updating rule
    Notice: /Firewall[139 jboss node to node tcp]/src_range: src_range changed 'tcp' to '192.168.0.60-192.168.0.62'
    Notice: /Firewall[139 jboss node to node tcp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'tcp'
    Notice: Firewall[139 jboss node to node tcp](provider=iptables): Properties changed - updating rule

And so on.
The rules seem to be applied correctly:

    # iptables -L -n -v | egrep 'Chain INPUT|pkts|node to node'
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.0.60-192.168.0.62 destination IP range 192.168.0.60-192.168.0.62 /* 138 jboss node to node udp */
       40  2400 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.0.60-192.168.0.62 destination IP range 192.168.0.60-192.168.0.62 /* 139 jboss node to node tcp */

Any idea?

Thanks in advance.

Louis Coilliot
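Added example, not part of the original post and not puppetlabs-firewall code: a Python check over Puppet agent output that flags resources reporting the identical change on every run, and property pairs whose old and new values are mirror images of each other, which is the pattern in the Notice lines above. The function names are hypothetical and the sample input is constructed from the log lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample: the property-change Notice lines from the post, one run.
RUN = """\
Notice: /Firewall[138 jboss node to node udp]/src_range: src_range changed 'udp' to '192.168.0.60-192.168.0.62'
Notice: /Firewall[138 jboss node to node udp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'udp'
Notice: /Firewall[139 jboss node to node tcp]/src_range: src_range changed 'tcp' to '192.168.0.60-192.168.0.62'
Notice: /Firewall[139 jboss node to node tcp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'tcp'
"""
RUNS = [RUN, RUN]  # the post shows the same output on consecutive runs

CHANGE = re.compile(
    r"^Notice: /(?P<res>\w+\[.+?\])/(?P<prop>\w+): "
    r"(?P=prop) changed '(?P<old>[^']*)' to '(?P<new>[^']*)'$"
)

def parse_run(text):
    """Return {resource: {property: (old, new)}} for one agent run."""
    changes = defaultdict(dict)
    for line in text.splitlines():
        m = CHANGE.match(line.strip())
        if m:
            changes[m["res"]][m["prop"]] = (m["old"], m["new"])
    return changes

def non_idempotent(runs):
    """Resources that report exactly the same changes in every run."""
    parsed = [parse_run(r) for r in runs]
    common = set(parsed[0]).intersection(*parsed[1:])
    return sorted(r for r in common
                  if all(p[r] == parsed[0][r] for p in parsed))

def swapped_pairs(run):
    """(resource, prop_a, prop_b) where a's old/new is b's new/old."""
    out = []
    for res, props in sorted(parse_run(run).items()):
        names = sorted(props)
        for i, a in enumerate(names):
            for b in names[i + 1:]:
                if props[a] == props[b][::-1]:
                    out.append((res, a, b))
    return out

if __name__ == "__main__":
    print("changes on every run:", non_idempotent(RUNS))
    print("mirrored property values:", swapped_pairs(RUN))
```

A firewall resource that changes on every run makes the agent report noisy, so a real rule modification is harder to spot among the repeated notices.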