No value is detected for nflog-prefix #1182

Open
cgrycki opened this issue Nov 30, 2023 · 2 comments

cgrycki commented Nov 30, 2023

Describe the Bug

When the module parses existing rules with the nflog-prefix property, it incorrectly identifies the value as an empty string. As a result, every time the puppet agent runs, it detects a change to nflog_prefix and updates the rule with the same value.

The issue seems to stem from an additional space between "--nflog-prefix" and the value in the output of iptables-save and ip6tables-save. The regex that parses this rule appears to be expecting a single space, but there are two spaces.

value_regex = Regexp.new("(?:(!\\s))?#{value}\\s(?:\"([^\"]*)|([^\"\\s]*))")

Expected Behavior

The module identifies the correct value of the nflog-prefix property when it parses rules from the output of iptables-save and ip6tables-save.

Steps to Reproduce

  1. Use this module to manage a rule with the nflog_prefix property configured.
  2. Observe from the output of the puppet agent that the rule is updated every time that the agent runs.

Environment

  • puppetlabs-firewall 7.0.2
  • Puppet Enterprise 2021.7.6
  • Puppet Agent 7.27.0
  • Ubuntu 22.04

Additional Context

I have also confirmed on Ubuntu 20.04 that the output of iptables-save has two spaces between --nflog-prefix and the value.
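
The parsing behaviour reported above can be reproduced outside Puppet. The following Ruby sketch is an added example, not part of the original issue or the module's code: the rule lines are constructed samples, the names `STRICT`, `TOLERANT`, `parse_value` and `drift?` are hypothetical, and the `\s+` variant is one possible adjustment rather than the project's fix.

```ruby
# Added example; not puppetlabs-firewall code.
FLAG = '--nflog-prefix'

# Pattern quoted in the issue: exactly one whitespace character after the flag.
STRICT = Regexp.new("(?:(!\\s))?#{FLAG}\\s(?:\"([^\"]*)|([^\"\\s]*))")

# Hypothetical tolerant variant: one or more whitespace characters after the flag.
TOLERANT = Regexp.new("(?:(!\\s))?#{FLAG}\\s+(?:\"([^\"]*)|([^\"\\s]*))")

# Constructed sample lines in the style of iptables-save output.
SAMPLES = {
  one_space_bare:   '-A INPUT -p tcp -j NFLOG --nflog-prefix ssh_drop',
  two_space_bare:   '-A INPUT -p tcp -j NFLOG --nflog-prefix  ssh_drop',
  two_space_quoted: '-A INPUT -p tcp -j NFLOG --nflog-prefix  "ssh drop"',
}

# Return the parsed prefix: the quoted capture if present, otherwise the bare one.
# nil means the flag was not found at all.
def parse_value(regex, line)
  m = regex.match(line)
  return nil unless m
  m[2] || m[3]
end

# True when the value parsed from the saved rule differs from the desired one,
# which is the condition that makes a run report a change.
def drift?(regex, line, desired)
  parse_value(regex, line) != desired
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, line|
    puts format('%-17s strict=%-12p tolerant=%p',
                name, parse_value(STRICT, line), parse_value(TOLERANT, line))
  end
end
```

With two spaces the strict pattern still matches, because the bare-value alternative `([^"\s]*)` accepts zero characters. The result is an empty string rather than a parse failure, which is why the rule is reported as changed on every run instead of raising an error.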

weastur commented Feb 20, 2024

+1

durist commented Jun 5, 2024

+1
