puppetlabs / puppetlabs-firewall

Puppet Firewall Module
http://forge.puppetlabs.com/puppetlabs/firewall
Apache License 2.0

No value is detected for nflog-prefix #1182

Open cgrycki opened 10 months ago

cgrycki commented 10 months ago

Describe the Bug

When the module parses existing rules with the nflog-prefix property, it incorrectly identifies the value as an empty string. As a result, every time the puppet agent runs, it detects a change to nflog_prefix and updates the rule with the same value.

The issue seems to stem from an additional space between "--nflog-prefix" and the value in the output of iptables-save and ip6tables-save. The regex that parses this rule appears to be expecting a single space, but there are two spaces. https://github.com/puppetlabs/puppetlabs-firewall/blob/3ff86aab2b9a7010ab136ebac7a274631c4a3a68/lib/puppet/provider/firewall/firewall.rb#L535

Expected Behavior

The module identifies the correct value of the nflog-prefix property when it parses rules from the output of iptables-save and ip6tables-save.

Steps to Reproduce

  1. Use this module to manage a rule with the nflog_prefix property configured.
  2. Observe from the output of the puppet agent that the rule is updated every time that the agent runs.

Environment

Additional Context

I have also confirmed on Ubuntu 20.04 that the output of iptables-save has two spaces between --nflog-prefix and the value.
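The parsing failure described in this issue, as an added Ruby example that is not part of the original post and not the module's own code. `STRICT` and `TOLERANT` are hypothetical patterns (the actual regex in `firewall.rb` is not reproduced here), and the iptables-save lines, rule names and desired values are constructed.

```ruby
# Added illustration: hypothetical patterns, not the regex from firewall.rb.
# STRICT assumes exactly one space after the flag; TOLERANT accepts any run of whitespace.
STRICT   = /--nflog-prefix (?:"([^"]*)"|(\S*))/
TOLERANT = /--nflog-prefix\s+(?:"([^"]*)"|(\S+))/

# Constructed iptables-save excerpt with two spaces after --nflog-prefix,
# as reported in the issue. The rule name is carried in the comment match.
SAVED = <<~RULES
  -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "100 log ssh" -j NFLOG --nflog-prefix  "ssh-in: " --nflog-group 2
  -A INPUT -p icmp -m comment --comment "101 log icmp" -j NFLOG --nflog-prefix  icmp
  -A INPUT -p udp -m udp --dport 53 -m comment --comment "102 allow dns" -j ACCEPT
RULES

# Constructed desired state: rule name => nflog_prefix (nil when the property is unset).
DESIRED = {
  '100 log ssh'   => 'ssh-in: ',
  '101 log icmp'  => 'icmp',
  '102 allow dns' => nil
}.freeze

# Returns the parsed prefix, "" when the pattern finds no value after the flag,
# or nil when the rule carries no --nflog-prefix at all.
def parse_nflog_prefix(line, pattern)
  m = pattern.match(line)
  m && (m[1] || m[2])
end

# Extracts the rule name from the comment match.
def rule_name(line)
  line[/--comment "([^"]*)"/, 1]
end

# Names of rules whose parsed prefix differs from the desired value, i.e. the
# rules an idempotency check would flag as changed on this run.
def pending_changes(saved, desired, pattern)
  saved.lines.map(&:chomp)
       .reject { |line| parse_nflog_prefix(line, pattern) == desired[rule_name(line)] }
       .map { |line| rule_name(line) }
end

puts "strict:   #{pending_changes(SAVED, DESIRED, STRICT).inspect}"
puts "tolerant: #{pending_changes(SAVED, DESIRED, TOLERANT).inspect}"
```

With the single-space pattern both NFLOG rules parse to an empty prefix and are reported as changed on every comparison, while the rule without the property is unaffected.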

weastur commented 7 months ago

+1

durist commented 3 months ago

+1