If I have puppet-agent 1.10 or 5.1.0-1 installed and try to add iptables rules via the puppetlabs-firewall module, it fails saying:
Error: /Stage[main]/Firewall::Linux::Redhat/Service[iptables]/ensure: change from stopped to running failed: Systemd start for iptables failed!
journalctl log for iptables:
-- Logs begin at Fri 2017-09-01 10:38:08 PDT, end at Tue 2017-09-05 16:51:52 PDT. --
Sep 05 16:50:08 billj7-5.test.j2noc.com systemd[1]: Stopping IPv4 firewall with iptables...
Sep 05 16:50:08 billj7-5.test.j2noc.com iptables.init[25672]: iptables: Setting chains to policy ACCEPT: filter nat [ OK ]
Sep 05 16:50:08 billj7-5.test.j2noc.com iptables.init[25672]: iptables: Flushing firewall rules: [ OK ]
Sep 05 16:50:08 billj7-5.test.j2noc.com iptables.init[25672]: iptables: Unloading modules: [ OK ]
Sep 05 16:50:08 billj7-5.test.j2noc.com systemd[1]: Stopped IPv4 firewall with iptables.
Sep 05 16:51:52 billj7-5.test.j2noc.com systemd[1]: Assertion failed for IPv4 firewall with iptables.
If I touch /etc/sysconfig/iptables and start iptables on CentOS 7, the firewall module then correctly configures iptables. On CentOS 6 it still fails.
If I install puppet-3.8.7, the firewall module works fine (I tried both 1.8.2 and 1.9.0).
It behaves the same with a Puppet master running Puppet 4 or Puppet 5.
The node's manifest has this:
  class { 'firewall':
    ensure => running,
  }

  firewall { '102 forward port 443 to 8444':
    table   => 'nat',
    chain   => 'PREROUTING',
    proto   => 'tcp',
    dport   => '443',
    jump    => 'REDIRECT',
    toports => '8444',
  }
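The journal line "Assertion failed for IPv4 firewall with iptables" together with the reporter's observation that touching /etc/sysconfig/iptables lets the service start suggests the unit refuses to start while that file is absent. The manifest below is an added example of how to make that pre-condition explicit in Puppet; it is not the reporter's manifest or the puppetlabs-firewall module's own code. It assumes that the service resource the module declares is named Service['iptables'] (as shown in the error path Firewall::Linux::Redhat/Service[iptables]) and that an empty ruleset file is acceptable until the firewall resources are applied. Per the reporter, this only helped on CentOS 7; on CentOS 6 the failure persisted, so it is a workaround for the systemd case, not a fix for the module.

```puppet
# Added workaround example (not the reporter's manifest or the module's code).
# Assumption: the systemd unit for iptables will not start while
# /etc/sysconfig/iptables is missing, which matches the "Assertion failed"
# journal line and the observation that touching the file makes it start.
#
# Create the ruleset file only if it does not exist. replace => false keeps
# Puppet from overwriting a ruleset that is already present, and the mode
# keeps the saved rules readable by root only.
file { '/etc/sysconfig/iptables':
  ensure  => file,
  replace => false,
  owner   => 'root',
  group   => 'root',
  mode    => '0600',
  # Assumed resource name, taken from the error path in the report.
  before  => Service['iptables'],
}

# The reporter's original resources, unchanged.
class { 'firewall':
  ensure => running,
}

firewall { '102 forward port 443 to 8444':
  table   => 'nat',
  chain   => 'PREROUTING',
  proto   => 'tcp',
  dport   => '443',
  jump    => 'REDIRECT',
  toports => '8444',
}
```

Applying this with `puppet agent -t` (or `puppet apply` on the file) creates the empty ruleset file first, so the unit's start-time check passes and the firewall resources can then write their rules; whether the module should create this file itself is the question the report raises.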