Hello,

I use puppetlabs-firewall 0.4.2

I have some rules:

firewall { '138 jboss node to node udp':
    chain       => 'INPUT',
    proto       => 'udp',
    src_range   => $jboss7::params::ip_range,
    dst_range   => $jboss7::params::ip_range,
    action      => 'accept',
}

firewall { '139 jboss node to node tcp':
    chain       => 'INPUT',
    proto       => 'tcp',
    src_range   => $jboss7::params::ip_range,
    dst_range   => $jboss7::params::ip_range,
    action      => 'accept',
}

Each time I run puppet on the node, I have some configuration changes:

First run:

Notice: /Firewall[138 jboss node to node udp]/src_range: src_range changed 'udp' to '192.168.0.60-192.168.0.62'
Notice: /Firewall[138 jboss node to node udp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'udp'
Notice: Firewall[138 jboss node to node udp](provider=iptables): Properties changed - updating rule
Notice: /Firewall[139 jboss node to node tcp]/src_range: src_range changed 'tcp' to '192.168.0.60-192.168.0.62'
Notice: /Firewall[139 jboss node to node tcp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'tcp'
Notice: Firewall[139 jboss node to node tcp](provider=iptables): Properties changed - updating rule

Second run:

Notice: /Firewall[138 jboss node to node udp]/src_range: src_range changed 'udp' to '192.168.0.60-192.168.0.62'
Notice: /Firewall[138 jboss node to node udp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'udp'
Notice: Firewall[138 jboss node to node udp](provider=iptables): Properties changed - updating rule
Notice: /Firewall[139 jboss node to node tcp]/src_range: src_range changed 'tcp' to '192.168.0.60-192.168.0.62'
Notice: /Firewall[139 jboss node to node tcp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'tcp'
Notice: Firewall[139 jboss node to node tcp](provider=iptables): Properties changed - updating rule

And so on.

The rules seem to be applied correctly:

# iptables -L -n -v | egrep 'Chain INPUT|pkts|node to node'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           source IP range 192.168.0.60-192.168.0.62 destination IP range 192.168.0.60-192.168.0.62 /* 138 jboss node to node udp */
   40  2400 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           source IP range 192.168.0.60-192.168.0.62 destination IP range 192.168.0.60-192.168.0.62 /* 139 jboss node to node tcp */


Any idea?

Thanks in advance.

Louis Coilliot
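
The notices in this message show each rule's proto and src_range reported with the other's value as the current state, identically on every run. An added example (not part of the original message, and not puppetlabs-firewall code) that flags this pattern in saved Puppet run output; the function names and the sample log are constructed here, with the mail-wrapped notice lines rejoined.

```ruby
# Constructed sample: first-run notices from the message, wrapped lines rejoined.
SAMPLE_LOG = <<~LOG
  Notice: /Firewall[138 jboss node to node udp]/src_range: src_range changed 'udp' to '192.168.0.60-192.168.0.62'
  Notice: /Firewall[138 jboss node to node udp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'udp'
  Notice: Firewall[138 jboss node to node udp](provider=iptables): Properties changed - updating rule
  Notice: /Firewall[139 jboss node to node tcp]/src_range: src_range changed 'tcp' to '192.168.0.60-192.168.0.62'
  Notice: /Firewall[139 jboss node to node tcp]/proto: proto changed '192.168.0.60-192.168.0.62' to 'tcp'
LOG

# Matches "Notice: /<resource>/<prop>: <prop> changed '<is>' to '<should>'".
CHANGE = %r{\ANotice: /(?<res>.+\])/(?<prop>\w+): \w+ changed '(?<was>[^']*)' to '(?<want>[^']*)'\z}

# Turn property-change notices into hashes; other lines are ignored.
def parse_changes(log)
  log.each_line.map { |l| CHANGE.match(l.chomp) }.compact.map do |m|
    { resource: m[:res], property: m[:prop], is: m[:was], should: m[:want] }
  end
end

# Within one resource, report property pairs where each property's current
# value equals the other's desired value (the pattern in the notices above).
def crossed_properties(log)
  parse_changes(log).group_by { |c| c[:resource] }.flat_map do |res, changes|
    pairs = changes.combination(2).select do |a, b|
      a[:is] == b[:should] && b[:is] == a[:should]
    end
    pairs.map { |a, b| { resource: res, properties: [a[:property], b[:property]].sort } }
  end
end

# Changes reported identically in every run: the resource never converges,
# so the firewall rule is rewritten on each agent run.
def recurring_changes(runs)
  runs.map { |log| parse_changes(log) }.reduce(:&)
end

if __FILE__ == $PROGRAM_NAME
  crossed_properties(SAMPLE_LOG).each do |hit|
    puts "#{hit[:resource]}: crossed values between #{hit[:properties].join(' and ')}"
  end
end
```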
