FAQ
I am using the puppetlabs firewall module and i get the following error on
the agent

once i downloaded the puppet module i created another module called my*fw
for pre and post.pp files my*fw/manifests/pre.pp my_fw/manifests/post.pp

and in my site.pp i included these lines

resources { "firewall":
   purge => true}Firewall {
   before => Class['my_fw::post'],
   require => Class['my_fw::pre'],}class { ['my_fw::pre', 'my_fw::post']: }class { 'firewall': }

i see this error on the daemon.log of the agent machine

Aug 28 17:11:07 dev2-db puppet-agent[5154]: (/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not evaluate: Invalid address from IPAddr.new: !
Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Skipping because of failed dependencies
Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Skipping because of failed dependencies
Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in 1.19 seconds

if anyone has any prior experience with this, please let me know





--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Ashley Penney at Aug 29, 2013 at 12:34 pm

    On Thu, Aug 29, 2013 at 12:57 AM, Amol Kedar wrote:

    i see this error on the daemon.log of the agent machine

    Aug 28 17:11:07 dev2-db puppet-agent[5154]: (/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not evaluate: Invalid address from IPAddr.new: !
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Skipping because of failed dependencies
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Skipping because of failed dependencies
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in 1.19 seconds

    if anyone has any prior experience with this, please let me know
    I haven't seen this before but - can you show me a full iptables from an
    existing client, a full ifconfig, and maybe even the result of:

    $ irb
    irb(main):002:0> require 'ipaddr'
    => true
    irb(main):003:0> IPAddr.new
    => #<IPAddr:
    IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>

    That's what I get for a plain call to IPAddr.new, I'm wondering what you're
    getting.

    --
    Ashley Penney
    ashley.penney@puppetlabs.com
    Module Engineer

    *Join us at PuppetConf 2014, September 23-24 in San Francisco*

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users.
    For more options, visit https://groups.google.com/groups/opt_out.
  • James Loosli at Nov 5, 2013 at 8:42 pm
    I'm getting this same error, but for me it shows up from a basic puppet
    resource firewall;

    root@drawer:/etc/puppet/environments/development/modules# puppet resource
    firewall

    Error: Could not run: Invalid address from IPAddr.new: !

    root@drawer:/etc/puppet/environments/development/modules# irb

    irb(main):001:0> require 'ipaddr'

    => true

    irb(main):002:0> IPAddr.new

    => #<IPAddr:
    IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>

    My ip config;

    root@drawer:/etc/puppet/environments/development/modules# ip addr

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN

         link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

         inet 127.0.0.1/8 scope host lo

         inet6 ::1/128 scope host

            valid_lft forever preferred_lft forever

    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
    UP qlen 1000

         link/ether 00:25:90:a7:98:79 brd ff:ff:ff:ff:ff:ff

         inet 208.115.208.242/29 brd 208.115.208.247 scope global eth0

         inet6 fe80::225:90ff:fea7:9879/64 scope link

            valid_lft forever preferred_lft forever

    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
    UP qlen 1000

         link/ether 00:25:90:a7:98:78 brd ff:ff:ff:ff:ff:ff

         inet 10.4.16.194/30 brd 10.4.16.195 scope global eth1

         inet6 fe80::225:90ff:fea7:9878/64 scope link

            valid_lft forever preferred_lft forever

    On Thursday, August 29, 2013 5:34:34 AM UTC-7, Ashley Penney wrote:

    On Thu, Aug 29, 2013 at 12:57 AM, Amol Kedar <ajk...@gmail.com<javascript:>
    wrote:
    i see this error on the daemon.log of the agent machine

    Aug 28 17:11:07 dev2-db puppet-agent[5154]: (/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not evaluate: Invalid address from IPAddr.new: !
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Skipping because of failed dependencies
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Skipping because of failed dependencies
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in 1.19 seconds

    if anyone has any prior experience with this, please let me know
    I haven't seen this before but - can you show me a full iptables from an
    existing client, a full ifconfig, and maybe even the result of:

    $ irb
    irb(main):002:0> require 'ipaddr'
    => true
    irb(main):003:0> IPAddr.new
    => #<IPAddr:
    IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>

    That's what I get for a plain call to IPAddr.new, I'm wondering what
    you're getting.

    --
    Ashley Penney
    ashley...@puppetlabs.com <javascript:>
    Module Engineer

    *Join us at PuppetConf 2014, September 23-24 in San Francisco*
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5e4c10a6-a405-4bb9-bbe9-0996ec0cd577%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Tomas Barton at Dec 12, 2013 at 2:32 pm
    I'm getting the same error. Any progress on this?

    Thanks,
    Tomas
    On Tuesday, 5 November 2013 21:42:26 UTC+1, James Loosli wrote:

    I'm getting this same error, but for me it shows up from a basic puppet
    resource firewall;

    root@drawer:/etc/puppet/environments/development/modules# puppet resource
    firewall

    Error: Could not run: Invalid address from IPAddr.new: !

    root@drawer:/etc/puppet/environments/development/modules# irb

    irb(main):001:0> require 'ipaddr'

    => true

    irb(main):002:0> IPAddr.new

    => #<IPAddr:
    IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>

    My ip config;

    root@drawer:/etc/puppet/environments/development/modules# ip addr

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host

    valid_lft forever preferred_lft forever

    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
    UP qlen 1000

    link/ether 00:25:90:a7:98:79 brd ff:ff:ff:ff:ff:ff

    inet 208.115.208.242/29 brd 208.115.208.247 scope global eth0

    inet6 fe80::225:90ff:fea7:9879/64 scope link

    valid_lft forever preferred_lft forever

    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
    UP qlen 1000

    link/ether 00:25:90:a7:98:78 brd ff:ff:ff:ff:ff:ff

    inet 10.4.16.194/30 brd 10.4.16.195 scope global eth1

    inet6 fe80::225:90ff:fea7:9878/64 scope link

    valid_lft forever preferred_lft forever

    On Thursday, August 29, 2013 5:34:34 AM UTC-7, Ashley Penney wrote:
    On Thu, Aug 29, 2013 at 12:57 AM, Amol Kedar wrote:

    i see this error on the daemon.log of the agent machine

    Aug 28 17:11:07 dev2-db puppet-agent[5154]: (/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not evaluate: Invalid address from IPAddr.new: !
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Skipping because of failed dependencies
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Skipping because of failed dependencies
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in 1.19 seconds

    if anyone has any prior experience with this, please let me know
    I haven't seen this before but - can you show me a full iptables from an
    existing client, a full ifconfig, and maybe even the result of:

    $ irb
    irb(main):002:0> require 'ipaddr'
    => true
    irb(main):003:0> IPAddr.new
    => #<IPAddr:
    IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>

    That's what I get for a plain call to IPAddr.new, I'm wondering what
    you're getting.

    --
    Ashley Penney
    ashley...@puppetlabs.com
    Module Engineer

    *Join us at PuppetConf 2014, September 23-24 in San Francisco*
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e1fa4f9d-cbae-45c3-8c84-2481169a0422%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Zane Williamson at Dec 31, 2013 at 6:14 am
    I am having the same issue described here.
    On Thursday, December 12, 2013 6:26:37 AM UTC-8, Tomas Barton wrote:

    I'm getting the same error. Any progress on this?

    Thanks,
    Tomas
    On Tuesday, 5 November 2013 21:42:26 UTC+1, James Loosli wrote:

    I'm getting this same error, but for me it shows up from a basic puppet
    resource firewall;

    root@drawer:/etc/puppet/environments/development/modules# puppet resource
    firewall

    Error: Could not run: Invalid address from IPAddr.new: !

    root@drawer:/etc/puppet/environments/development/modules# irb

    irb(main):001:0> require 'ipaddr'

    => true

    irb(main):002:0> IPAddr.new

    => #<IPAddr:
    IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>

    My ip config;

    root@drawer:/etc/puppet/environments/development/modules# ip addr

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host

    valid_lft forever preferred_lft forever

    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
    state UP qlen 1000

    link/ether 00:25:90:a7:98:79 brd ff:ff:ff:ff:ff:ff

    inet 208.115.208.242/29 brd 208.115.208.247 scope global eth0

    inet6 fe80::225:90ff:fea7:9879/64 scope link

    valid_lft forever preferred_lft forever

    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
    state UP qlen 1000

    link/ether 00:25:90:a7:98:78 brd ff:ff:ff:ff:ff:ff

    inet 10.4.16.194/30 brd 10.4.16.195 scope global eth1

    inet6 fe80::225:90ff:fea7:9878/64 scope link

    valid_lft forever preferred_lft forever

    On Thursday, August 29, 2013 5:34:34 AM UTC-7, Ashley Penney wrote:
    On Thu, Aug 29, 2013 at 12:57 AM, Amol Kedar wrote:

    i see this error on the daemon.log of the agent machine

    Aug 28 17:11:07 dev2-db puppet-agent[5154]: (/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not evaluate: Invalid address from IPAddr.new: !
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Skipping because of failed dependencies
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Skipping because of failed dependencies
    Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in 1.19 seconds

    if anyone has any prior experience with this, please let me know
    I haven't seen this before but - can you show me a full iptables from an
    existing client, a full ifconfig, and maybe even the result of:

    $ irb
    irb(main):002:0> require 'ipaddr'
    => true
    irb(main):003:0> IPAddr.new
    => #<IPAddr:
    IPv6:0000:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>

    That's what I get for a plain call to IPAddr.new, I'm wondering what
    you're getting.

    --
    Ashley Penney
    ashley...@puppetlabs.com
    Module Engineer

    *Join us at PuppetConf 2014, September 23-24 in San Francisco*
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/369eeb5a-3398-4bd4-8d73-c886e766be0b%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Zane Williamson at Dec 31, 2013 at 7:19 am
    All of my other servers seem fine, but this is a new virtual server on a
    Xen host. I wonder if it could be related to the virutalization and
    network bridging.

    $ puppet resource firewall --debug --verbose
    Debug: Puppet::Type::Firewall::ProviderIptables: [instances]
    Debug: Executing '/sbin/iptables-save'
    Error: Could not run: Invalid address from IPAddr.new: !




    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/921fdbcb-9f1e-4302-a012-3b059384940b%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Zane Williamson at Dec 31, 2013 at 7:39 am
    My issue is related to

    -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j
    MASQUERADE --to-ports 1024-65535
    -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j
    MASQUERADE --to-ports 1024-65535
    -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE

    The "!" mark is breaking the parsing method.

    Appears to be related to

    https://github.com/puppetlabs/puppetlabs-firewall/pull/267
    and
    https://github.com/puppetlabs/puppetlabs-firewall/issues/141
    On Monday, December 30, 2013 11:19:04 PM UTC-8, Zane Williamson wrote:

    All of my other servers seem fine, but this is a new virtual server on a
    Xen host. I wonder if it could be related to the virutalization and
    network bridging.

    $ puppet resource firewall --debug --verbose
    Debug: Puppet::Type::Firewall::ProviderIptables: [instances]
    Debug: Executing '/sbin/iptables-save'
    Error: Could not run: Invalid address from IPAddr.new: !



    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d3665861-f848-4a2c-b1c0-5ecc85bb3ad4%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedAug 29, '13 at 5:15a
activeDec 31, '13 at 7:39a
posts7
users5
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase