sous-chefs / firewall

Development repository for the firewall cookbook
https://supermarket.chef.io/cookbooks/firewall
Apache License 2.0

RHEL 8.5 Cannot be configured with firewalld #243

Open nhillsdonuk opened 2 years ago

nhillsdonuk commented 2 years ago

:speaking_head: Foreword

Thank you for taking the time to fill this bug report fully. Without it we may not be able to fix the bug, and the issue may be closed without resolution.

:ghost: Brief Description

Standard Minimal Server ISO install of RHEL 8.5 uses firewalld, enabled and running with zone public. By declaring this firewall cookbook to take over, it always drops firewalld and installs a full set of IPTables, regardless of attributes given.

:pancakes: Cookbook version

Depends currently set to 4.0.0

:woman_cook: Chef-Infra Version

17.8.25

:tophat: Platform details

Self hosted RHEL8.5 from default ISO with minimal server

Steps To Reproduce

Steps to reproduce the behavior:

Depend on this cookbook. Declare:

```ruby
firewall 'any' do
  anything
end
```

Will disable firewalld and install IPTables.

:police_car: Expected behavior

Firewalld to be installed/enabled (which it is by default in the OS) and then zones/rules set.

:heavy_plus_sign: Additional context

I think this code is related, lines 22..24 in libraries/provider_firewall_firewalld.rb:

```ruby
provides :firewall, os: 'linux', platform_family: %w(rhel fedora amazon) do |node|
  (node['platform_version'].to_i == 7 && !node['firewall']['redhat7_iptables']) ||
    (amazon_linux? && !node['firewall']['redhat7_iptables'])
end
```
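The predicate quoted in the issue above, evaluated against a few nodes, as an added example that is not part of the original issue or the cookbook's code. The node hashes are constructed sample data, `amazon_linux?(node)` is a stand-in for the cookbook helper whose body the issue does not show, and the function names are hypothetical.

```ruby
# Added illustration; not code from the firewall cookbook.
# Constructed sample nodes, shaped like the Chef node attributes the predicate reads.
NODES = {
  'rhel-7.9' => { 'platform_family' => 'rhel', 'platform_version' => '7.9',
                  'firewall' => { 'redhat7_iptables' => false } },
  'rhel-7.9-iptables' => { 'platform_family' => 'rhel', 'platform_version' => '7.9',
                           'firewall' => { 'redhat7_iptables' => true } },
  'rhel-8.5' => { 'platform_family' => 'rhel', 'platform_version' => '8.5',
                  'firewall' => { 'redhat7_iptables' => false } },
  'amazon-2' => { 'platform_family' => 'amazon', 'platform_version' => '2',
                  'firewall' => { 'redhat7_iptables' => false } }
}.freeze

# Assumption: stand-in for the cookbook's amazon_linux? helper.
def amazon_linux?(node)
  node['platform_family'] == 'amazon'
end

# Same boolean expression as the quoted `provides` block, with the node passed in.
# '8.5'.to_i is 8, so the `== 7` comparison is false on RHEL 8.x.
def firewalld_provider_selected?(node)
  (node['platform_version'].to_i == 7 && !node['firewall']['redhat7_iptables']) ||
    (amazon_linux?(node) && !node['firewall']['redhat7_iptables'])
end

# Nodes where iptables was NOT requested via the attribute, yet the firewalld
# provider does not match. These are the hosts where the reported behaviour
# (firewalld dropped regardless of attributes) would apply.
def unexpected_fallbacks(nodes)
  nodes.reject do |_name, node|
    node['firewall']['redhat7_iptables'] || firewalld_provider_selected?(node)
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  NODES.each do |name, node|
    puts format('%-18s firewalld provider selected: %s', name, firewalld_provider_selected?(node))
  end
  puts "unexpected fallbacks: #{unexpected_fallbacks(NODES).inspect}"
end
```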

jblaine commented 1 year ago

This is very likely fixed in https://github.com/sous-chefs/firewall/pull/247 but was never merged 14 months ago :(