I am starting to experiment with the firewall module and as part of a test attempted to move a rule between two chains (INPUT and a user-defined one). The firewall module noticed that the rule had changed but then attempted to use "iptables -R" to move the rule. Because it was moving from one chain to another this rule needed deleting and reinserting. The error was reported as:-

err: /Firewall[500 ssh]: Could not evaluate: Execution of '/sbin/iptables -R tests 1 -t filter -p tcp -m multiport --dports 22 -m comment --comment 500 ssh -j ACCEPT' returned 1: iptables: Index of replacement too big.

Is this type of change something that the firewall module should be able to cope with, or am I misunderstanding something? This fault seems to be in both the current repository copy as well as release 0.0.4 of this module. It looks to be quite nasty, as had there already been some other rule number 1 in the target chain this would have been silently and incorrectly replaced.

Chris Ritson (Computing Officer and School Safety Officer)

Room 707, Claremont Tower, EMAIL: c.r.ritson@ncl.ac.uk
School of Computing Science, PHONE: +44 191 222 8175
Newcastle University, FAX : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU. WEB : http://www.cs.ncl.ac.uk/

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
postedJun 26, '12 at 4:03p
activeJun 26, '12 at 4:03p

1 user in discussion

C R Ritson: 1 post



site design / logo © 2022 Grokbase