Failed to apply catalog: Parameter source failed on Firewall

asked 2016-01-12 00:12:03 -0500

updated 2016-01-12 01:44:22 -0500

Hi there! How can I set the source interface address in a firewall rule? I tried this:

    firewall { '000 her':
      chain     => 'PREROUTING',
      table     => 'raw',
      source    => '! <%= ipaddress_eth0 %>',
      jump      => 'NOTRACK',
    }

but I get an error:

    Error: Failed to apply catalog: Parameter source failed on Firewall[000 her]: host_to_ip failed for ! <%= ipaddress_eth0 %>, exception no address for <%= ipaddress_eth0 %> at /etc/puppetlabs/code/environments/production/manifests/iptables.pp:4
    Wrapped exception:
    host_to_ip failed for ! <%= ipaddress_eth0 %>, exception no address for <%= ipaddress_eth0 %>

Before, I used content => template("client/iptables.rules") with <%= ipaddress_eth0 %> and all worked correctly, but now I use the module puppetlabs-firewall and I don't understand how to set the interface address there ...

UPDATE:

I made this:

    $address = inline_template("<%= scope.lookupvar('::ipaddress_eth0') -%>")
    firewall { '000 her':
        chain     => 'PREROUTING',
        table     => 'raw',
        #source    => $address,
        source    => '! ${address}',
        jump      => 'NOTRACK',
    }

But now I get an error:

    Error: Failed to apply catalog: Parameter source failed on Firewall[000 her]: host_to_ip failed for ! ${address}, exception no address for ${address} at /etc/puppetlabs/code/environments/production/manifests/iptables.pp:5
    Wrapped exception:
    host_to_ip failed for ! ${address}, exception no address for ${address}

This rule "source => ${address}," works fine, but I need this rule: "source => '! ${address}',". How do I transfer the variable to firewall?

Some server info:

    [root@her code]# uname -a
    Linux her 3.10.0-327.3.1.el7.x86_64 #1 SMP Wed Dec 9 14:09:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
    [root@her code]# cat /etc/centos-release
    CentOS Linux release 7.2.1511 (Core)

    [root@her code]# puppet master --version
    4.3.1
    [root@her code]# rpm -qa | grep pupp
    puppetlabs-release-pc1-1.0.0-1.el7.noarch
    puppet-agent-1.3.2-1.el7.x86_64
    puppetdb-3.2.2-1.el7.noarch
    puppetdb-termini-3.2.2-1.el7.noarch
    puppetserver-2.2.1-1.el7.noarch

    [root@her code]# puppet module list
    /etc/puppetlabs/code/environments/production/modules
    +-- puppetlabs-apt (v2.2.1)
    +-- puppetlabs-concat (v1.2.5)
    +-- puppetlabs-firewall (v1.7.2)
    +-- puppetlabs-inifile (v1.4.3)
    +-- puppetlabs-postgresql (v4.6.1)
    +-- puppetlabs-puppetdb (v5.0.0)
    L-- puppetlabs-stdlib (v4.10.0)
    /etc/puppetlabs/code/modules (no modules installed)
    /opt/puppetlabs/puppet/modules (no modules installed)

1 Answer


answered 2016-01-12 01:38:25 -0500

updated 2016-01-12 02:03:34 -0500

    $address = inline_template("<%= scope.lookupvar('::ipaddress_eth0') -%>")
    firewall { '300 Notrack our eth0':
        chain          => 'PREROUTING',
        table          => 'raw',
        destination    => "! ${address}",
        jump           => 'NOTRACK',
    }
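The failing and working forms of the `source` parameter side by side, as an added example that is not part of the original posts: Puppet interpolates `${...}` only inside double-quoted strings, and ERB tags are evaluated only by `template()`/`inline_template()`, which is why the error messages above show the literal text reaching the firewall type. The rule title, the sample address and the `is_ip_address` guard (a puppetlabs-stdlib function) are assumptions of this example.

```puppet
# Added example, not code from the original question or answer.
# The legacy fact ipaddress_eth0 is a top-scope variable, so it can be
# read directly without inline_template().
$address = $::ipaddress_eth0

# Guard (assumption of this example): abort the catalog if the fact is
# missing or malformed, so no raw-table rule is built from a bad value.
unless is_ip_address($address) {
  fail("ipaddress_eth0 is not a usable IP address: '${address}'")
}

# Fails as shown on the page: single quotes hand the literal text
# '! ${address}' to the firewall type, which then tries to resolve it
# as a hostname (host_to_ip failed ...).
#   source => '! ${address}',

# Works: double quotes interpolate the variable, producing for example
# "! 192.0.2.10" (constructed sample value).
firewall { '000 notrack unless from eth0 address':
  chain  => 'PREROUTING',
  table  => 'raw',
  source => "! ${address}",
  jump   => 'NOTRACK',
}
```

Packets matched by a `NOTRACK` rule bypass connection tracking, so check the negated match with `iptables -t raw -S PREROUTING` after the agent run.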
