Hello, The source and destination parameters accept both IP address or a hostname. If using a hostname, the firewall module thinks the rule changed each time it runs reporting:
notice: /Firewall[300 allow netbackup traffic from nbmaster2-63.example.com]/source: current_value 192.168.63.42/32, should be nbmaster2-63.example.com (noop) Is there an easy workaround to this? other than not using hostnames? A similar issue is also seen with the value of debug-level. From some reason it always thinks it needs to be reset: notice: /Firewall[998 drop noisy local traffic]/log_level: current_value , should be warning (noop) # Log everything else, then reject it with the default deny rule firewall { '998 drop noisy local traffic': state => 'NEW', log_level => warning, jump => 'LOG', } iptables -nL shows this rule as: LOG tcp -- 0.0.0.0/0 0.0.0.0/0 /* 998 drop noisy local traffic */ state NEW LOG flags 0 level 4 I tried setting "log_level" to 4, instead of "warning" and got : notice: /Firewall[998 drop noisy local traffic]/log_level: current_value , should be 4 (noop) Thanks a lot. Mohamed. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.