puppetlabs/firewall

asked 2014-09-17 05:11:59 -0500

bzlom

updated 2016-06-15 03:56:10 -0500

Installed and configured the puppetlabs/firewall - but during the deployment (puppet agent --test) I receive warnings like these ones:

info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/iptables_persistent_version.rb
info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
info: Loading facts in /var/lib/puppet/lib/facter/iptables_version.rb
info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
info: Loading facts in /var/lib/puppet/lib/facter/ip6tables_version.rb
info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
info: Caching catalog for demo
info: /Firewall[000 accept all packets]: Provider iptables does not support features hop_limiting; not managing attribute hop_limit 
info: /Firewall[000 accept all packets]: Provider iptables does not support features ishasmorefrags; not managing attribute ishasmorefrags 
info: /Firewall[000 accept all packets]: Provider iptables does not support features islastfrag; not managing attribute islastfrag
info: /Firewall[000 accept all packets]: Provider iptables does not support features isfirstfrag; not managing attribute isfirstfrag
info: /Firewall[000 accept all packets]: Provider iptables does not support features mask; not managing attribute mask
info: /Firewall[050 reject port 8090]: Provider iptables does not support features hop_limiting; not managing attribute hop_limit
info: /Firewall[050 reject port 8090]: Provider iptables does not support features ishasmorefrags; not managing attribute ishasmorefrags
info: /Firewall[050 reject port 8090]: Provider iptables does not support features islastfrag; not managing attribute islastfrag
info: /Firewall[050 reject port 8090]: Provider iptables does not support features isfirstfrag; not managing attribute isfirstfrag
info: /Firewall[050 reject port 8090]: Provider iptables does not support features mask; not managing attribute mask

Apparently the features hop_limiting, ishasmorefrags, islastfrag, isfirstfrag, mask are not supported for some strange reason.

OS: Ubuntu 12.04.4 LTS
Iptables version: iptables v1.4.12
facter: 1.6.17
puppet client: 2.7.11
puppetmaster: 3.1.1

1 Answer

answered 2016-06-15 03:32:35 -0500

Tozz

The markup in your question is terrible. Please use codeblocks next time.

Your assumption that the features are not supported is correct, but that is not a Puppet issue but an iptables issue. The iptables command that Puppet generates returns an error. So, iptables generated an error which is reported back to you.

The feature "isfirstfrag" is an IPv6 feature. But I see in your logs you are using provider "iptables". If your intention was to use isfirstfrag with IPv6 you need to add:

provider => 'ip6tables',

Please also see the manual for a list of supported features per provider.

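The provider split described in the answer, written out as an added example manifest (not code from the original post or from the module's documentation). The rule title "050 reject port 8090" comes from the log in the question; the `proto`, `dport` and `action` values and the two IPv6 rule titles are assumptions made for illustration, using the parameter names of the puppetlabs/firewall 1.x releases current when this thread was written.

```puppet
# IPv4 rule: handled by the default 'iptables' provider.
# Do not set IPv6-only attributes (hop_limit, isfirstfrag,
# ishasmorefrags, islastfrag) here; that provider cannot manage them.
firewall { '050 reject port 8090':
  proto  => 'tcp',      # assumed protocol
  dport  => 8090,
  action => 'reject',
}

# The same policy for IPv6 needs its own resource with the
# 'ip6tables' provider; an iptables rule never covers IPv6 traffic.
firewall { '050 reject port 8090 (v6)':   # hypothetical title
  proto    => 'tcp',
  dport    => 8090,
  action   => 'reject',
  provider => 'ip6tables',
}

# IPv6-only match: isfirstfrag is only managed when the
# resource is bound to the 'ip6tables' provider.
firewall { '060 drop first fragments (v6)':   # hypothetical rule
  proto       => 'all',
  isfirstfrag => true,
  action      => 'drop',
  provider    => 'ip6tables',
}
```

After applying, `iptables -S` and `ip6tables -S` on the node show which rule set each resource actually landed in.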

Stats

Asked: 2014-09-17 05:11:59 -0500

Seen: 299 times

Last updated: Jun 15 '16