I am starting to experiment with the firewall module and as part of a test 
attempted to move a rule between two chains (INPUT and a user-defined one). The 
firewall module noticed that the rule had changed but then attempted to use 
"iptables -R" to move the rule. Because it was moving from one chain to another 
this rule needed deleting and reinserting. The error was reported as:-

err: /Firewall[500 ssh]: Could not evaluate: Execution of '/sbin/iptables -R 
tests 1 -t filter -p tcp -m multiport --dports 22 -m comment --comment 500 ssh 
-j ACCEPT' returned 1: iptables: Index of replacement too big.

Is this type of change something that the firewall module should be able to 
cope with, or am I misunderstanding something? This fault seems to be in both 
the current repository copy as well as release 0.0.4 of this module. It looks 
to be quite nasty, as had there already been some other rule number 1 in the 
target chain this would have been silently and incorrectly replaced.

Chris Ritson (Computing Officer and School Safety Officer)

Room 707, Claremont Tower,        EMAIL: [email protected]
School of Computing Science,      PHONE: +44 191 222 8175
Newcastle University,             FAX  : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU.  WEB  : http://www.cs.ncl.ac.uk/
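
The failure mode described in this post, as an added Ruby example that is not part of the original message and is not the firewall module's own code. It uses a toy in-memory model of the filter table; the class, the method names and the "100 allow dns" rule are constructed for illustration, and appending to the target chain is an assumption about where the moved rule should land.

```ruby
# Toy model of one iptables table (constructed, not the module's provider).
class Table
  attr_reader :chains
  def initialize(chains)
    @chains = chains # e.g. { "INPUT" => ["500 ssh"], "tests" => [] }
  end

  # Models `iptables -R <chain> <index> <rule>` (1-based index).
  def replace(chain, index, rule)
    rules = @chains.fetch(chain)
    raise IndexError, 'Index of replacement too big.' if index > rules.size
    rules[index - 1] = rule
  end

  # Models `iptables -D <chain> <index>`.
  def delete(chain, index)
    @chains.fetch(chain).delete_at(index - 1)
  end

  # Models `iptables -A <chain> <rule>`.
  def append(chain, rule)
    @chains.fetch(chain) << rule
  end
end

# Behaviour described in the post: the rule's index in its old chain is
# reused in a replace against the new chain.
def update_with_replace(table, rule, old_chain, new_chain)
  index = table.chains.fetch(old_chain).index(rule) + 1
  table.replace(new_chain, index, rule)
end

# Chain-aware update: replace in place only when the chain is unchanged,
# otherwise delete from the old chain and add to the new one.
def update_chain_aware(table, rule, old_chain, new_chain)
  index = table.chains.fetch(old_chain).index(rule) + 1
  return table.replace(new_chain, index, rule) if old_chain == new_chain
  table.delete(old_chain, index)
  table.append(new_chain, rule)
end

# Moves "500 ssh" from INPUT to "tests"; returns the chains or the error text.
def demo(existing_in_target, updater)
  table = Table.new('INPUT' => ['500 ssh'], 'tests' => existing_in_target.dup)
  send(updater, table, '500 ssh', 'INPUT', 'tests')
  table.chains
rescue IndexError => e
  e.message
end
```

With an empty target chain the replace strategy fails loudly; with one rule already present it overwrites that rule and leaves the SSH rule in INPUT, which is the silent case worth auditing for with `iptables -S` after any chain change.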

