Open 2fa opened 5 months ago
After testing latest version of firewall module i've noticed that puppet applies catalog significantly longer compared to the previous version.
After a bit of strace it looks like new version makes several iptables-save calls every time it applies each rule.
iptables-save
Old version ~# grep -c "execve(\"/usr/sbin/iptables-save" strace1.out 60 New version ~# grep -c "execve(\"/usr/sbin/iptables-save" strace2.out 296
For some machines catalog application time increased more than 2x (from 50 to 120 seconds, for example).
Firewall resource should not make multiple iptables-save calls for each rule.
It is related to #1100
Describe the Bug
After testing latest version of firewall module i've noticed that puppet applies catalog significantly longer compared to the previous version.
After a bit of strace it looks like new version makes several
iptables-savecalls every time it applies each rule.For some machines catalog application time increased more than 2x (from 50 to 120 seconds, for example).
Expected Behavior
Firewall resource should not make multiple
iptables-savecalls for each rule.Environment
Additional Context
It is related to #1100