
how to ignore iptables internal chain when purge firewallchain

asked 2017-06-26 21:53:36 -0500

clux

updated 2017-07-01 03:27:29 -0500

When I use

  resources { 'firewallchain':
    purge => true,
  }

I got the errors below:

Warning: Firewallchain[INPUT:filter:IPv4](provider=iptables_chain): Attempting to destroy internal chain INPUT:filter:IPv4
Error: Execution of '/sbin/iptables -t filter -X INPUT' returned 1: iptables: Invalid argument. Run `dmesg' for more information.
Error: /Stage[main]/Main/Node[default]/Firewallchain[INPUT:filter:IPv4]/ensure: change from present to absent failed: Execution of '/sbin/iptables -t filter -X INPUT' returned 1: iptables: Invalid argument. Run `dmesg' for more information.

Then I tried:

  resources { 'firewallchain':
    purge => true,
    ignore => [
      'INPUT',
      'OUTPUT',
      'FORWARD',
      'PREROUTING',
      'POSTROUTING',
    ]
  }

Then I got another error:

Error: no parameter named 'ignore' at /root/test.pp:13 on Resources[firewallchain] at /root/test.pp:13 on node testnode

So my question is how to ignore the iptables internal chains when purging firewallchain.

Thanks in advance.


1 Answer


answered 2017-07-11 07:12:24 -0500

Felix Barbeira

If you don't use those internal tables you can unload the related kernel modules, and then the Puppet catalog is applied fine. For example with the 'security' table:

# lsmod | grep -i secur
ip6table_security      16384  0
ip6_tables             28672  2 ip6table_filter,ip6table_security
x_tables               36864  12 ip6table_filter,xt_hl,xt_comment,ip_tables,ip6table_security,xt_limit,xt_conntrack,xt_LOG,xt_multiport,iptable_filter,ip6_tables,ip6t_REJECT
# rmmod ip6table_security
#

Same with 'mangle' and 'nat'.

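As an added example that is not part of this thread: another way to keep the purge away from the built-in chains is to declare every built-in chain as a managed `firewallchain` resource, because the `resources` purge only deletes chains that are absent from the catalog, and to put the `ignore` list on the `firewallchain` resource, where puppetlabs-firewall defines it, instead of on `resources`. It assumes the puppetlabs-firewall module, Puppet 4+ language syntax for the iteration, and a hypothetical fail2ban rule pattern in `ignore`.

```puppet
# Added example, not from the thread. Keep the built-in chains in the catalog
# so that 'resources { firewallchain: purge => true }', which only removes
# chains that are NOT in the catalog, never runs 'iptables -X' on them.
# Chain titles use puppetlabs-firewall's NAME:TABLE:PROTOCOL form.

# Built-in chains of the filter table. purge => true here removes rules inside
# the chain that Puppet does not manage; 'ignore' holds regexes for rules that
# are added outside Puppet and must survive the purge.
['INPUT', 'OUTPUT', 'FORWARD'].each |String $chain| {
  firewallchain { "${chain}:filter:IPv4":
    ensure => present,
    purge  => true,
    ignore => [
      '-j fail2ban-',   # hypothetical pattern: leave fail2ban's jump rules alone
    ],
  }
}

# Built-in chains of the nat and mangle tables, managed but with no rule purge.
$builtin = {
  'nat'    => ['PREROUTING', 'INPUT', 'OUTPUT', 'POSTROUTING'],
  'mangle' => ['PREROUTING', 'INPUT', 'FORWARD', 'OUTPUT', 'POSTROUTING'],
}
$builtin.each |String $table, Array $chains| {
  $chains.each |String $chain| {
    firewallchain { "${chain}:${table}:IPv4":
      ensure => present,
    }
  }
}

# With every built-in chain declared above, this purge only deletes custom
# chains that are missing from the catalog (e.g. a chain left behind by a
# tool that was removed), so the 'Attempting to destroy internal chain'
# warning and the failing 'iptables -X INPUT' no longer occur.
resources { 'firewallchain':
  purge => true,
}
```

If you also load the 'security' table, add its INPUT, OUTPUT and FORWARD chains in the same way, or unload the module as the answer above describes.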
