puppetlabs / puppetlabs-firewall

Puppet Firewall Module
http://forge.puppetlabs.com/puppetlabs/firewall
Apache License 2.0

single quotes in rule comments produces errors #1215

Open capull0 opened 2 months ago

capull0 commented 2 months ago

Describe the Bug

If you add a rule with single quotes in the comment, or if you use resources { 'firewall': purge => true, } to get rid of unmanaged rules but with single quotes, you will get an error.

Example:

Error: firewall[100 allow SSH gateway \'10.79.251.5/32\']: Deleting: Failed after 0.016324 seconds: Execution of 'iptables -t filter -D INPUT -s 10.79.251.5/32 -p tcp -m comment --comment "100 allow SSH gateway \'10.79.251.5/32\'" -j ACCEPT' returned 1: iptables: Bad rule (does a matching rule exist in that chain?).

Error: /Stage[main]/Poma_profiles::Firewall/Firewall[100 allow SSH gateway \'10.79.251.5/32\']: Could not evaluate: Execution encountered an error

Expected Behavior

The firewall module should be able to handle single quotes.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Manually create a rule with single quotes in the comment
  2. Let the Puppet module purge unmanaged rules
  3. Get the error

Environment

Additional Context

I updated the module version from a very old version 3.3.0 to 8.0.1. With 3.3.0 single quotes were no problem. I removed all single quotes from our rules. Right now I have to run an iptables -F with puppet exec once to get rid of unwanted rules, else I would have duplicated rules, because purge => true will throw errors.
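An added example, not part of the original issue or the module's code: a pre-upgrade check that lists rules whose comment contains a single quote, so they can be renamed before purge => true runs against them. It assumes the input is rule text in the `-A CHAIN ... --comment "..."` form seen in the error above; the function name and the sample rules are constructed for illustration.

```python
import re

# Constructed sample in iptables rule format (not captured output).
# The second line carries the comment from the error message in the issue.
SAMPLE_RULES = r'''
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "099 allow ssh" -j ACCEPT
-A INPUT -s 10.79.251.5/32 -p tcp -m comment --comment "100 allow SSH gateway \'10.79.251.5/32\'" -j ACCEPT
-A INPUT -p icmp -m comment --comment 101-icmp -j ACCEPT
-A INPUT -s 192.0.2.7/32 -m comment --comment "102 it's quoted" -j DROP
-A INPUT -j DROP
'''

# A comment value is either a double-quoted string (backslash escapes allowed)
# or a single bare token.
COMMENT_RE = re.compile(r'--comment\s+(?:"((?:\\.|[^"\\])*)"|(\S+))')
CHAIN_RE = re.compile(r'^-A\s+(\S+)')


def rules_with_single_quotes(dump):
    """Return (chain, comment) for every rule whose comment contains a single quote."""
    hits = []
    for line in dump.splitlines():
        chain = CHAIN_RE.match(line.strip())
        comment = COMMENT_RE.search(line)
        if not chain or not comment:
            continue  # not an append rule, or a rule without a comment
        raw = comment.group(1) if comment.group(1) is not None else comment.group(2)
        # Undo backslash escaping so \' and ' are treated the same.
        text = re.sub(r'\\(.)', r'\1', raw)
        if "'" in text:
            hits.append((chain.group(1), text))
    return hits


if __name__ == "__main__":
    for chain, text in rules_with_single_quotes(SAMPLE_RULES):
        print(f"{chain}: {text}")
```

To check a live host, pass the text produced by `iptables-save` to the function instead of the sample.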

2fa commented 2 months ago

It should be fixed in #1210

capull0 commented 2 months ago

Thank you for the quick answer.

2fa commented 2 months ago

I'm not the author of the module, just a contributor, but thank you.

I too recently upgraded from 3.3.0 and found a lot of problems with the latest version. I recommend downgrading to the latest 6.X for the time being, @capull0.

capull0 commented 2 months ago

Better to keep the issue open :)